[WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile
Colin Wallis
colin_wallis at hotmail.com
Wed Sep 21 22:46:31 EDT 2011
+1 from me too.
I've added a comment on the wiki (the doc on the wiki is 'read only' for me) so you should be able to see it via the P3Wiki link Mark has given below.
Cheers
Colin
From: mark.lizar at gmail.com
To: david at wayf.dk
Date: Wed, 21 Sep 2011 11:00:54 +0100
CC: wg-p3 at kantarainitiative.org
Subject: Re: [WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile
Thank You David,
These comments are now up on the P3Wiki -
On 20 Sep 2011, at 20:22, David Simonsen wrote:
Hello all,
sitting on the other side of the pond (EU/Denmark) it seems that now could be the right time to build a harmonized (internationally interoperable) view on many of the subjects described in this good document?
The EU Article 29 working party (consisting of the many national data protection authorities) have recently reached consensus (!) on 'informed consent', described in http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf . Perhaps some of this can be useful?
WAYF (the federation I manage) has had 'informed consent' operational for all connected services for >2,5 years. We have consulted both legal experts and usability gurus (Fraunhofer Institute in Stuttgart, Germany) along the way. These days I'm writing a summary of our experience, which hopefully will be ready to circulate in a few weeks. Would that be of interest to this group?
I have read the P3WG document and added what came to mind along the way. In the hope that at least some of it may be of help.
Regards
David Simonsen
<RG-Kantara-1-4js-DSI-notes.doc>
David Simonsen
Executive manager
Phone: +45 31216152
H. C. Andersens Boulevard 2
DK-1553 København V
http://blog.wayf.dk
On Sep 18, 2011, at 4:13 AM, j stollman wrote:
Bob,
I reviewed your extremely thoughtful and useful document and incorporated comments and markups in the attached.
Thank you.
Jeff
On Wed, Sep 14, 2011 at 6:22 PM, Mark Lizar <mark.lizar at gmail.com> wrote:
Thanks Anna & Bob,
This is a terrific start to the PAC draft, I look forward to the P3WG comments and discussion.
Mark
On 13 Sep 2011, at 22:14, Anna Slomovic/Equifax wrote:
Everyone,
Attached please find a draft of the Privacy Assessment Criteria for the US Federal Privacy Profile. Here are some explanations for the way the document is structured and color-coded.
Proposed language is shaded in gray. Each set of proposed assessment criteria is followed by Drafter’s Notes, which raise issues and questions that need to be addressed for clarity and usability of the criteria.
Some of the Notes are shaded yellow; those need to be cross-referenced with IAWG and other Kantara documents. Most of the issues shaded in yellow are definitional, but not all. Some involve capability required in the Privacy Profile but absent in the current set of overall Service Assessment Criteria, like the ability to deliver a separate optional notice from the Relying Party in addition to the CSP’s notice about its own operations.
The issues that are unshaded will constitute the bulk of P3WG’s work to complete the Privacy Assessment Criteria. These issues form the substance of how the Privacy Profile will be implemented by CSPs and how their privacy practices will be judged. For example, under “Informed Consent,” we need to answer the question about whether notice and consent-related behavior can or should be different at different Levels of Assurance. In another example, the Minimalism requirement in the Profile applies only to the data transmitted to the Relying Party—but should there be any kind of limitation on data collected for identity verification or attribute verification?
I think you will find the document interesting and thought-provoking.
In order to bring this work to conclusion, we will be discussing various topics as part of our P3WG calls. We need someone to serve as a champion and subject-matter expert to document the group’s deliberation, draft proposed language based on the group’s consensus, and then incorporate the changes into a final document. At the same time, Anna T will connect with the editors at IAWG to work through the issues related to the cross-reference between various Kantara documents.
Please let me and Mark know whether you would like to serve as champion for the Privacy Assessment Criteria going forward.
I look forward to our first discussion of the document in about 10 days.
Thanks.
Anna
Anna Slomovic
Chief Privacy Officer
Equifax, Inc.
1010 N. Glebe Rd. Suite 500
Arlington, VA 22201
P: 703.888.4620
M: 703.254.9656
F: 703.243.7576
E: Anna.Slomovic at equifax.com
<RG-Kantara-1-4.doc>
_______________________________________________
WG-P3 mailing list
WG-P3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3
--
Jeff Stollman
stollman.j at gmail.com
1 202.683.8699
<RG-Kantara-1-4js.doc>