[WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile

Mark Lizar mark.lizar at gmail.com
Wed Sep 14 06:22:52 EDT 2011


Thanks Anna & Bob,

This is a terrific start to the PAC draft. I look forward to the P3WG
comments and discussion.

Mark


On 13 Sep 2011, at 22:14, Anna Slomovic/Equifax wrote:

> Everyone,
>
> Attached please find a draft of the Privacy Assessment Criteria for  
> the US Federal Privacy Profile. Here are some explanations for the  
> way the document is structured and color-coded.
>
> Proposed language is shaded in gray.
>
> Each set of proposed assessment criteria is followed by Drafter’s  
> Notes, which raise issues and questions that need to be addressed  
> for clarity and usability of the criteria.
>
> Some of the Notes are shaded yellow; those need to be
> cross-referenced with IAWG and other Kantara documents. Most of the issues
> shaded in yellow are definitional, but not all. Some involve  
> capability required in the Privacy Profile but absent in the current  
> set of overall Service Assessment Criteria, like the ability to  
> deliver a separate optional notice from the Relying Party in  
> addition to the CSP’s notice about its own operations.
>
> The issues that are unshaded will constitute the bulk of P3WG’s work  
> to complete the Privacy Assessment Criteria. These issues form the  
> substance of how the Privacy Profile will be implemented by CSPs and  
> how their privacy practices will be judged. For example, under  
> “Informed Consent,” we need to answer the question about whether  
> notice and consent-related behavior can or should be different at  
> different Levels of Assurance. In another example, the Minimalism  
> requirement in the Profile applies only to the data transmitted to  
> the Relying Party—but should there be any kind of limitation on data  
> collected for identity verification or attribute verification?
>
> I think you will find the document interesting and
> thought-provoking. In order to bring this work to conclusion, we will be
> discussing various topics as part of our P3WG calls. We need someone  
> to serve as a champion and subject-matter expert to document the  
> group’s deliberation, draft proposed language based on the group’s  
> consensus, and then incorporate the changes into a final document.  
> At the same time, Anna T will connect with the editors at IAWG to  
> work through the issues related to the cross-reference between  
> various Kantara documents.
>
> Please let me and Mark know whether you would like to serve as  
> champion for the Privacy Assessment Criteria going forward. I look  
> forward to our first discussion of the document in about 10 days.
>
> Thanks.
>
> Anna
>
>
> Anna Slomovic
> Chief Privacy Officer
> Equifax, Inc.
> 1010 N. Glebe Rd.
> Suite 500
> Arlington, VA 22201
>
> P: 703.888.4620
> M: 703.254.9656
> F: 703.243.7576
> E: Anna.Slomovic at equifax.com
>
>
>
> <RG-Kantara-1-4.doc>
