Below is an initial draft Trust Framework System Rules for Personal Data. Much of the text is “place holder”. The draft is part of a larger project to develop a Model Trust Framework suitable for general use, with several reference implementations. This draft represents one such reference implementations in the Personal Data arena. As such the Fair Information Practice Principles are reflected in the form of System Rules, and the primacy of the individual user who stores their Personal Data (called the “Principal User”) is reflected in the ownership and control provisions. The ownership and control extends to the underlying Identity Account for the user as well as to the user’s data such that the user owns and controls their individual identity, but not necessarily the attributes about the identity that are generated by third parties. In addition, the draft follows the “Business, Legal, Technical” three-dimensional format for System Rules.

These System Rules have been created according to the Interlateral Codification method, such that the legal rules may be coded as and into software and the technology rules may be expressed in human and lawyer readable documents. The System Rules exists as data that is dynamically populated on this page via a query statement to the cloud (hence the hokey box table which will soon be formatted nicely via CSS). By serving the System Rules from a data-driven format, it is possible to align certain legal and technical rules (such as Access Control requirements) such that each dimension is explicitly, traceably and provably in alignment and harmonization. This means that when a value is updated (such as requiring a system administrator role access level to perform a given function) it is possible to articulate that rule as a legal requirements and technology requirements. At that point, the data from the relevant fields of the System Rules can be linked to implementing software (such as XACML and SOA systems) to literally ensure the enterprise, app or service is in compliance.  However, given the difficulty of reading a table-based data-driven document, I’ve also attached a PDF version here [Model-TF-PersData-Feb24-pdf] based on a report run Feb 24, 2012 (for current information, please refer to the information below from the data-driven process).

If you would like more information about this project, or to join the team, please contact me. Please note that this is the initial release for comment and does not necessarily reflect the views of any other entity including the IDcubed.org, the Model Trust Framework advisory team or any other person or entity.