[WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile
mark.lizar at gmail.com
Wed Sep 14 06:22:52 EDT 2011
Thanks Anna & Bob,
This is a terrific start to the PAC draft, I look forward to the P3WG
comments and discussion.
On 13 Sep 2011, at 22:14, Anna Slomovic/Equifax wrote:
> Attached please find a draft of the Privacy Assessment Criteria for
> the US Federal Privacy Profile. Here are some explanations for the
> way the document is structured and color-coded.
> Proposed language is shaded in gray.
> Each set of proposed assessment criteria is followed by Drafter’s
> Notes, which raise issues and questions that need to be addressed
> for clarity and usability of the criteria.
> Some of the Notes are shaded yellow; those need to be cross-
> referenced with IAWG and other Kantara documents. Most of the issues
> shaded in yellow are definitional, but not all. Some involve
> capability required in the Privacy Profile but absent in the current
> set of overall Service Assessment Criteria, like the ability to
> deliver a separate optional notice from the Relying Party in
> addition to the CSP’s notice about its own operations.
> The issues that are unshaded will constitute the bulk of P3WG’s work
> to complete the Privacy Assessment Criteria. These issues form the
> substance of how the Privacy Profile will be implemented by CSPs and
> how their privacy practices will be judged. For example, under
> “Informed Consent,” we need to answer the question about whether
> notice and consent-related behavior can or should be different at
> different Levels of Assurance. In another example, the Minimalism
> requirement in the Profile applies only to the data transmitted to
> the Relying Party—but should there be any kind of limitation on data
> collected for identity verification or attribute verification?
> I think you will find the document interesting and thought-
> provoking. In order to bring this work to conclusion, we will be
> discussing various topics as part of our P3WG calls. We need someone
> to serve as a champion and subject-matter expert to document the
> group’s deliberation, draft proposed language based on the group’s
> consensus, and then incorporate the changes into a final document.
> At the same time, Anna T will connect with the editors at IAWG to
> work through the issues related to the cross-reference between
> various Kantara documents.
> Please let me and Mark know whether you would like to serve as
> champion for the Privacy Assessment Criteria going forward. I look
> forward to our first discussion of the document in about 10 days.
> Anna Slomovic
> Chief Privacy Officer
> Equifax, Inc.
> 1010 N. Glebe Rd.
> Suite 500
> Arlington, VA 22201
> P: 703.888.4620
> M: 703.254.9656
> F: 703.243.7576
> E: Anna.Slomovic at equifax.com
> This message contains information from Equifax Inc. which may be
> confidential and privileged. If you are not an intended recipient,
> please refrain from any disclosure, copying, distribution or use of
> this information and note that such actions are prohibited. If you
> have received this transmission in error, please notify by e-mail postmaster at equifax.com
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-P3