[WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile

Sat Sep 17 22:13:55 EDT 2011

Bob,

I reviewed your extremely thoughtful and useful document and incorporated
comments and markups in the attached.

Thank you.

Jeff

On Wed, Sep 14, 2011 at 6:22 PM, Mark Lizar <mark.lizar at gmail.com> wrote:

> Thanks Anna & Bob,
>
> This is a terrific start to the PAC draft, I look forward to the P3WG
> comments and discussion.
>
> Mark
>
>
> On 13 Sep 2011, at 22:14, Anna Slomovic/Equifax wrote:
>
> Everyone,****
> ** **
> Attached please find a draft of the Privacy Assessment Criteria for the US
> Federal Privacy Profile. Here are some explanations for the way the document
> is structured and color-coded.****
> ** **
> Proposed language is shaded in gray.****
> ** **
> Each set of proposed assessment criteria is followed by Drafter’s Notes,
> which raise issues and questions that need to be addressed for clarity and
> usability of the criteria.****
> ** **
> Some of the Notes are shaded yellow; those need to be cross-referenced with
> IAWG and other Kantara documents. Most of the issues shaded in yellow are
> definitional, but not all. Some involve capability required in the Privacy
> Profile but absent in the current set of overall Service Assessment
> Criteria, like the ability to deliver a separate optional notice from the
> Relying Party in addition to the CSP’s notice about its own operations.***
> *
> ** **
> The issues that are unshaded will constitute the bulk of P3WG’s work to
> complete the Privacy Assessment Criteria. These issues form the substance of
> how the Privacy Profile will be implemented by CSPs and how their privacy
> practices will be judged. For example, under “Informed Consent,” we need to
> answer the question about whether notice and consent-related behavior can or
> should be different at different Levels of Assurance. In another example,
> the Minimalism requirement in the Profile applies only to the data
> transmitted to the Relying Party—but should there be any kind of limitation
> on data collected for identity verification or attribute verification?****
> ** **
> I think you will find the document interesting and thought-provoking. In
> order to bring this work to conclusion, we will be discussing various topics
> as part of our P3WG calls. We need someone to serve as a champion and
> subject-matter expert to document the group’s deliberation, draft proposed
> language based on the group’s consensus, and then incorporate the changes
> into a final document. At the same time, Anna T will connect with the
> editors at IAWG to work through the issues related to the cross-reference
> between various Kantara documents.****
> ** **
> Please let me and Mark know whether you would like to serve as champion for
> the Privacy Assessment Criteria going forward. I look forward to our first
> discussion of the document in about 10 days.****
> ** **
> Thanks.****
> ** **
> Anna****
> ** **
> ** **
> Anna Slomovic****
> Chief Privacy Officer****
> Equifax, Inc.****
> 1010 N. Glebe Rd.****
> Suite 500****
> Arlington, VA 22201****
> ** **
> P: 703.888.4620****
> M: 703.254.9656****
> F: 703.243.7576****
> E: Anna.Slomovic at equifax.com****
> ** **
> ** **
>
> ------------------------------
> This message contains information from Equifax Inc. which may be
> confidential and privileged. If you are not an intended recipient, please
> refrain from any disclosure, copying, distribution or use of this
> information and note that such actions are prohibited. If you have received
> this transmission in error, please notify by e-mail postmaster at equifax.com
> .
> <RG-Kantara-1-4.doc>_______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
>
>
>
> _______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
>
>

-- 
Jeff Stollman
stollman.j at gmail.com
1 202.683.8699
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110918/18266715/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RG-Kantara-1-4js.doc
Type: application/msword
Size: 101376 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-p3/attachments/20110918/18266715/attachment-0001.doc 