[WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile

Mark Lizar mark.lizar at gmail.com
Wed Sep 21 06:00:54 EDT 2011


Thank You David,

These comments are now up on the P3Wiki -

On 20 Sep 2011, at 20:22, David Simonsen wrote:

> Hello all,
>
> sitting on the other side of the pond (EU/Denmark) it seems that now  
> could be the right time to build a harmonized (internationally  
> interoperable) view on many of the subjects described in this good  
> document?
>
> The EU Article 29 working party (consisting of the many national  
> data protection authorities) have recently reached consensus (!) on  
> 'informed consent', described in http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf 
>  . Perhaps some of this can be useful?
>
> WAYF (the federation I manage) has had 'informed consent' operational
> for all connected services for >2,5 years.
> We have consulted both legal experts and usability gurus (Fraunhofer
> Institute in Stuttgart, Germany) along the way. These days I'm
> writing a summary of our experience, which hopefully will be ready
> to circulate in a few weeks.
> Would that be of interest to this group?
>
> I have read the P3WG document and added what came to mind along the  
> way. In the hope that at least some of it may be of help.
>
> Regards
> David Simonsen
>
> <RG-Kantara-1-4js-DSI-notes.doc>
>
>
> David Simonsen
> Executive manager
> Phone: +45 31216152
>
> H. C. Andersens Boulevard 2
> DK-1553 København V
>
> http://blog.wayf.dk
>
>
> On Sep 18, 2011, at 4:13 AM, j stollman wrote:
>
>> Bob,
>>
>> I reviewed your extremely thoughtful and useful document and  
>> incorporated comments and markups in the attached.
>>
>> Thank you.
>>
>> Jeff
>>
>> On Wed, Sep 14, 2011 at 6:22 PM, Mark Lizar <mark.lizar at gmail.com>  
>> wrote:
>> Thanks Anna & Bob,
>>
>> This is a terrific start to the PAC draft, I look forward to the  
>> P3WG comments and discussion.
>>
>> Mark
>>
>>
>> On 13 Sep 2011, at 22:14, Anna Slomovic/Equifax wrote:
>>
>>> Everyone,
>>>
>>> Attached please find a draft of the Privacy Assessment Criteria  
>>> for the US Federal Privacy Profile. Here are some explanations for  
>>> the way the document is structured and color-coded.
>>>
>>> Proposed language is shaded in gray.
>>>
>>> Each set of proposed assessment criteria is followed by Drafter’s  
>>> Notes, which raise issues and questions that need to be addressed  
>>> for clarity and usability of the criteria.
>>>
>>> Some of the Notes are shaded yellow; those need to be
>>> cross-referenced with IAWG and other Kantara documents. Most of the
>>> issues shaded in yellow are definitional, but not all. Some  
>>> involve capability required in the Privacy Profile but absent in  
>>> the current set of overall Service Assessment Criteria, like the  
>>> ability to deliver a separate optional notice from the Relying  
>>> Party in addition to the CSP’s notice about its own operations.
>>>
>>> The issues that are unshaded will constitute the bulk of P3WG’s  
>>> work to complete the Privacy Assessment Criteria. These issues  
>>> form the substance of how the Privacy Profile will be implemented  
>>> by CSPs and how their privacy practices will be judged. For  
>>> example, under “Informed Consent,” we need to answer the question  
>>> about whether notice and consent-related behavior can or should be  
>>> different at different Levels of Assurance. In another example,  
>>> the Minimalism requirement in the Profile applies only to the data  
>>> transmitted to the Relying Party—but should there be any kind of  
>>> limitation on data collected for identity verification or  
>>> attribute verification?
>>>
>>> I think you will find the document interesting and
>>> thought-provoking. In order to bring this work to conclusion, we will be
>>> discussing various topics as part of our P3WG calls. We need  
>>> someone to serve as a champion and subject-matter expert to  
>>> document the group’s deliberation, draft proposed language based  
>>> on the group’s consensus, and then incorporate the changes into a  
>>> final document. At the same time, Anna T will connect with the  
>>> editors at IAWG to work through the issues related to the
>>> cross-reference between various Kantara documents.
>>>
>>> Please let me and Mark know whether you would like to serve as  
>>> champion for the Privacy Assessment Criteria going forward. I look  
>>> forward to our first discussion of the document in about 10 days.
>>>
>>> Thanks.
>>>
>>> Anna
>>>
>>>
>>> Anna Slomovic
>>> Chief Privacy Officer
>>> Equifax, Inc.
>>> 1010 N. Glebe Rd.
>>> Suite 500
>>> Arlington, VA 22201
>>>
>>> P: 703.888.4620
>>> M: 703.254.9656
>>> F: 703.243.7576
>>> E: Anna.Slomovic at equifax.com
>>>
>>>
>>>
>>> This message contains information from Equifax Inc. which may be  
>>> confidential and privileged. If you are not an intended recipient,  
>>> please refrain from any disclosure, copying, distribution or use  
>>> of this information and note that such actions are prohibited. If  
>>> you have received this transmission in error, please notify by
>>> e-mail postmaster at equifax.com.
>>> <RG-Kantara-1-4.doc>_______________________________________________
>>> WG-P3 mailing list
>>> WG-P3 at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/wg-p3
>>
>>
>> -- 
>> Jeff Stollman
>> stollman.j at gmail.com
>> 1 202.683.8699
>> <RG-Kantara-1-4js.doc>
>
