From b86a1d6d67cbd81d6e9aebd938a5904841c3d186 Mon Sep 17 00:00:00 2001 From: Rahmadi Trimananda Date: Thu, 5 Sep 2024 15:44:22 -0400 Subject: [PATCH] Update README.md Reformatted the tooltip texts. --- xCOMPASS/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xCOMPASS/README.md b/xCOMPASS/README.md index c20c6ee..1871c34 100644 --- a/xCOMPASS/README.md +++ b/xCOMPASS/README.md @@ -9,17 +9,17 @@ | Scoping Questions | |---| -| Does the application code contain personal information?
*Answer "Yes" if the source code of the app itself contains personal information. Additional information on what constitutes PI can be found here: https://en.wikipedia.org/wiki/Personal_data* | -| Do any databases used by the application contain personal information?
*Answer "Yes" if the app uses any databases that contain personal information. Additional information on what constitutes personal information can be found here: https://en.wikipedia.org/wiki/Personal_data*

If the application has personal information, has it been de-deidentified?
*Answer "Yes" if the PI in the app has not gone through de-identification process. Additional information on what constitutes personal information can be found here: https://en.wikipedia.org/wiki/Personal_data* | -| Do any application logs contain personal information?
*Answer "Yes" if the app creates any log files that contain personal information. Additional information on what constitutes personal information can be found here: https://en.wikipedia.org/wiki/Personal_data* | +| Does the application code contain personal information?
*Answer "Yes" if the source code of the app itself contains personal information. Additional information on what constitutes PI can be found [here](https://en.wikipedia.org/wiki/Personal_data).*| +| Do any databases used by the application contain personal information?
*Answer "Yes" if the app uses any databases that contain personal information. Additional information on what constitutes personal information can be found [here](https://en.wikipedia.org/wiki/Personal_data).*

If the application has personal information, has it been de-deidentified?
*Answer "Yes" if the PI in the app has not gone through de-identification process. Additional information on what constitutes personal information can be found [here](https://en.wikipedia.org/wiki/Personal_data).* | +| Do any application logs contain personal information?
*Answer "Yes" if the app creates any log files that contain personal information. Additional information on what constitutes personal information can be found [here](https://en.wikipedia.org/wiki/Personal_data).* | The following categories of information often come with special legislative protections. | Special categories of Personal Information | |---| -| **Biometric data**: Does the application collect biometric data?
*Answer "Yes" if the app collects biometric data. Generally, biometric data (e.g., fingerprints, retina scans, etc.) require explicit notice and written consent from customers before collection. Such data can also not be sent to third-parties, monetized, or retained without consent.* | -| **Children data**: Does the application collect data from youth under 16?
*Answer "Yes" if the app collects children data. Generally, data collected from children require explicit notice and written consent from parents/guardians (for users under 13 years) or children (for users between 13-16 years). Such data can also not be sent to third-parties, monetized, or retained without consent. Privacy settings should be easy to understand for children. If the child is being tracked by an adult through the app, the child should be notified (e.g., a green LED light can indicate that a camera is switched on).* | -| **CPNI**: Does the application contain CPNI data?
*Answer "Yes" if the app collects/contains CPNI (Customer Proprietary Network Information), e.g., IP/MAC address. Generally, the use of CPNI data is limited to specific purposes. It cannot be used for marketing that a customer has not opted into.* | -| **Voice and Video**: Does the application collect voice or video data?
*Answer "Yes" if the app collects voice/video data. Generally, voice data cannot be used for advertisement purposes, even if collected by or for a third-party partner. Organization must have an individual’s prior, written permission before collecting or recording any audio/visual or other sensor data from within their dwelling. For both video and voice data, specific consent obligations must be met. Please consult Privacy Legal for additional information.* | +| **Biometric data**: Does the application collect biometric data?
*Answer "Yes" if the app collects biometric data. Generally, biometric data (e.g., fingerprints, retina scans, etc.) require explicit notice and written consent from customers before collection. Such data can also not be sent to third-parties, monetized, or retained without consent.* | +| **Children data**: Does the application collect data from youth under 16?
*Answer "Yes" if the app collects children data. Generally, data collected from children require explicit notice and written consent from parents/guardians (for users under 13 years) or children (for users between 13-16 years). Such data can also not be sent to third-parties, monetized, or retained without consent. Privacy settings should be easy to understand for children. If the child is being tracked by an adult through the app, the child should be notified (e.g., a green LED light can indicate that a camera is switched on).* | +| **CPNI**: Does the application contain CPNI data?
*Answer "Yes" if the app collects/contains CPNI (Customer Proprietary Network Information), e.g., IP/MAC address. Generally, the use of CPNI data is limited to specific purposes. It cannot be used for marketing that a customer has not opted into.* | +| **Voice and Video**: Does the application collect voice or video data?
*Answer "Yes" if the app collects voice/video data. Generally, voice data cannot be used for advertisement purposes, even if collected by or for a third-party partner. Organization must have an individual’s prior, written permission before collecting or recording any audio/visual or other sensor data from within their dwelling. For both video and voice data, specific consent obligations must be met. Please consult Privacy Legal for additional information.*|

xCOMPASS Questionnaire

The threats are categorized by FIPPs (Fair Information Practice Principles), the principles which guide privacy regulation. This makes it easy to understand which threat category a question falls under.
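
Review bot: In the de-identification entry that is re-added under the databases row, the question and its tooltip disagree: the question asks "has it been de-deidentified?" while the tooltip says to answer "Yes" if the PI "has not gone through de-identification process", so a "Yes" means the opposite of what the question asks. Since this patch already rewrites that line for the link format, fix the polarity there (either ask whether the PI is still identifiable, or have the tooltip say to answer "Yes" if it has been de-identified) and correct "de-deidentified" to "de-identified". The same entry begins after a blank line with no leading `| `, and the databases row before it has no closing `|`, so it does not look like it will render as its own table row; give it its own `| ... |` row. Smaller points: the first scoping row and the Voice and Video row now end in `.*|` while the other rows keep `.* |`, and the Biometric, Children and CPNI rows are removed and re-added with no visible difference in their text, so the whitespace-only churn could be dropped from the patch.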