9.5.3 Attribute Authority Questions

These questions are in addition to the WSP questions of the previous section. You should answer them if you are the authority for, store, or broker user data, such as Personally Identifiable Information (PII).

  1. What is the nature and sensitivity of the user data you handle?

  2. What obligations do you pledge to honour with respect to user data trusted in your possession?

    Either describe in prose or provide specific policies using Simple Obligations Language 1 (SOL1) or other obligations language you plan to use.

  3. What obligations do you require other parties to honour with respect to user data you release?

    Either describe in prose or provide specific policies using Simple Obligations Language 1 (SOL1) or other obligations language you plan to use.

  4. Do you have automatic mechanisms for satisfying the obligations you pledged? Please describe: ______________________

  5. Do you have automatic mechanisms for verifying that the requesting party pledges to respect the obligations you issue?

  6. What mechanisms do you provide to users and the trust network operator to verify that you have complied with your pledges?

  7. What mechanisms do you have or require from others to verify that they have complied with their pledges?

  8. How do you protect the confidentiality of the stored user data? Describe any filesystem and cryptographic protections you employ.

  9. How do you provide Right of Access, Rectification, and Deletion?

    1. (__) Stand alone web GUI. URL: ________________

    2. (__) iFrame widget Web GUI. URL: ________________

    3. (__) Other method: ____________________________

  10. In the eventuality of Rectification or Deletion, are you able to notify the parties to whom you have released the data in the past?

  11. What is your policy towards data requestors who refuse to subscribe to notifications? What about recipients that subscribed, but refuse the actual notification?
