Criteria | Privacy | Knowledge Base

Privacy
Remove unnecessary sensitive information
Summary The system must remove sensitive and personal information when it is no longer required. Description Systems usually request sensitive or personal information from their users or collect it based on their interactions with the application. ...
Respect the Do Not Track header
Summary The system must respect the users chosen value for the Do Not Track (DNT) header. Description Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with the application. ...
Notify third parties of changes
Summary The system must notify third parties when it rectifies or erases shared personal information. Description Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with the ...
Allow erasure requests
Summary The system must allow its users to request erasure of collected data belonging to them. Description Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with the ...
Allow rectification requests
Summary The system must allow its users to request rectification of the collected data belonging to them. Description Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with ...
Provide processed data information
Summary The system must provide information about the personal data that it processes. Additionally, this information should be presented to the user before requesting their consent for its collection or processing. Description Systems usually ...
Provide processing confirmation
Summary The system must provide confirmation to its users of whether or not it is storing and/or processing their personal data. Description Systems usually request information from their users, obtain it from third parties or collect it based on ...
Inform inability to identify users
Summary The system must inform its users whenever it can demonstrate its inability to individually identify them using the information it has collected from them. Description Systems usually request information from their users or collect it based on ...
Allow user consent revocation
Summary The system must enable its users to revoke whatever consent they have granted. Description Systems usually request information from their users or collect it based on their interactions with the application. Regulations demand that none of ...
Demonstrate user consent
Summary The system must set a mechanism which can be used to demonstrate that users have granted their consent to collection of their data. Description Systems usually request information from their users or collect it based on their interactions ...
Request user consent
Summary The system must request the users consent whenever it will collect any information about them or their actions. This consent should not be requested before informing the user about the types of data that will be collected and the purpose for ...
Specify the purpose of data collection
Summary The system must specify the purpose of personal data collection (OECD.9, ISACA.G31.3.), and it must do so before requesting the users consent for the collection. Description Applications usually request or collect personal data from their ...

Criteria | Privacy | Knowledge Base

Privacy

Remove unnecessary sensitive information

Respect the Do Not Track header

Notify third parties of changes

Allow erasure requests

Allow rectification requests

Provide processed data information

Provide processing confirmation

Inform inability to identify users

Allow user consent revocation

Demonstrate user consent

Request user consent

Specify the purpose of data collection