Personally Identifiable Information as part of Federation

Hello everyone,


This is a very generic question which may have been answered by someone already. I would appreciate it if anyone can point me in that direction.

Is there a generic list of attributes that can be shared as part of a SAML federation partnership?

What are the general guidelines for information that can be shared with third parties?

What kind of approvals does IT have to go through before allowing information to be shared with third parties?

What are the guidelines to define a specific attribute as PII or not? 

Some attributes, such as email, can be considered personal in Europe but not in the US. If a company has employees across all regions, who should create a policy that complies with all regions?

I understand this differs from company to company but I am wondering if there is a generic policy which can be used as a base to customize for our company's needs.


Thanks in advance.