End To End Trust

Creating a Safer, More Trusted Internet

United States   Change | All Microsoft Sites
End to End Trust Progress
Protecting Identity Information Online

"'Levels of protection' refers to degrees of data protection applied to identity information."

SOCIAL, ECONOMIC, POLITICAL, AND IT ALIGNMENT

Protecting identity information online

A common source of distrust in online interactions today stems from people's lack of confidence that their identity information will be treated with care. "Levels of protection" refers to degrees of data protection applied to identity information, with progressive levels allowing parties who disclose or receive identity information to know in advance how it is to be treated. This white paper (PDF) proposes the development of levels of protection (LOPs) to enable a person disclosing identity information (a Discloser) to have assurance that it will be treated with appropriate protection by the party to whom it is disclosed (the Receiver).

The paper recommends the development of LOPs that all address the same data protection principles but that do so to progressive degrees: the higher the LOP, the stronger the afforded protection. The data protection principles addressed are collection limitation, notice, choice, use, data quality, security safeguards, right of access, accountability, onward transfer, and permitted exemptions. Each of these principles will be met with relatively light data protection at LOP1, whereas each of them will be met with rather strict protection at LOP4.

By signaling the strength of protection offered by Receivers of data, LOPs can help Receivers indicate the level of data protection they offer and enable Disclosers to opt for protection levels according to context. In this way, LOPs can facilitate exchanges that conform to law and give contracting parties greater predictability and the ability to negotiate. It is envisioned that the LOPs can be used by trust frameworks and in cloud computing. In time, jurisdictions will be able to formally establish that a particular LOP meets their legal requirements.


Was This Information Useful?