ORCID is a nonprofit helping create a world in which all who participate in research, scholarship and innovation are uniquely identified and connected to their contributions and affiliations, across disciplines, borders, and time. In October 2012, ORCID launched its open registry of person identifiers for researchers (the ‘R’) and other research contributors (the ‘C’). Since then, more than 2 million ORCID identifiers have been minted by individuals themselves. Over 400 organizations worldwide have committed to incorporating iDs into their systems and workflows, and publishers and funders are starting to require iDs during submission. Even with this broad adoption, the complementary role of individuals and organizations in the propagation and use of ORCID identifiers and related information is often misunderstood, even by the individuals themselves. This lightning talk explains ORCID’s individual permission model that puts the ORCID iD-holder in full control of her/his record, and how this interacts with third-party assertions.