[WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile
Anna Slomovic/Equifax
anna.slomovic at equifax.com
Tue Sep 13 17:14:56 EDT 2011
Everyone,
Attached please find a draft of the Privacy Assessment Criteria for the US Federal Privacy Profile. Here are some explanations for the way the document is structured and color-coded.
Proposed language is shaded in gray.
Each set of proposed assessment criteria is followed by Drafter's Notes, which raise issues and questions that need to be addressed for clarity and usability of the criteria.
Some of the Notes are shaded yellow; those need to be cross-referenced with IAWG and other Kantara documents. Most of the issues shaded in yellow are definitional, but not all. Some involve capability required in the Privacy Profile but absent in the current set of overall Service Assessment Criteria, like the ability to deliver a separate optional notice from the Relying Party in addition to the CSP's notice about its own operations.
The issues that are unshaded will constitute the bulk of P3WG's work to complete the Privacy Assessment Criteria. These issues form the substance of how the Privacy Profile will be implemented by CSPs and how their privacy practices will be judged. For example, under "Informed Consent," we need to answer the question about whether notice and consent-related behavior can or should be different at different Levels of Assurance. In another example, the Minimalism requirement in the Profile applies only to the data transmitted to the Relying Party - but should there be any kind of limitation on data collected for identity verification or attribute verification?
I think you will find the document interesting and thought-provoking. In order to bring this work to conclusion, we will be discussing various topics as part of our P3WG calls. We need someone to serve as a champion and subject-matter expert to document the group's deliberation, draft proposed language based on the group's consensus, and then incorporate the changes into a final document. At the same time, Anna T will connect with the editors at IAWG to work through the issues related to the cross-reference between various Kantara documents.
Please let me and Mark know whether you would like to serve as champion for the Privacy Assessment Criteria going forward. I look forward to our first discussion of the document in about 10 days.
Thanks.
Anna
Anna Slomovic
Chief Privacy Officer
Equifax, Inc.
1010 N. Glebe Rd.
Suite 500
Arlington, VA 22201
P: 703.888.4620
M: 703.254.9656
F: 703.243.7576
E: Anna.Slomovic at equifax.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RG-Kantara-1-4.doc
Type: application/msword
Size: 97280 bytes
Desc: RG-Kantara-1-4.doc
Url : http://kantarainitiative.org/pipermail/wg-p3/attachments/20110913/4397a63c/attachment-0001.doc