[KI-LC] GDPR and Kantara approach question

John Wunderlich john at wunderlich.ca
Wed Mar 1 08:36:46 CST 2017


Thanks Allan, for voicing what was in the back of my mind as well. The GDPR
- since it's not implemented yet - serves as kind of a Rorshach test. You
take away from it what you bring to it. It's a big piece of legislation
with many potential impacts. But it seems to me that as people start to
grapple with the GDPR in terms of real world prospects  &  problems (to
your point about specific work products) or prospect new work group ideas
will emerge or existing work groups will need to factor this into their
roadmaps. Otherwise we might hare madly off in all directions.

For example, one question I have is whether an identity federation
qualifies as 'profiling' under the GDPR. If so are all the participants in
a federation controllers per GDPR with obligations to individuals? Might to
something for OTTO to look at...or not.

JW



John Wunderlich, BA, MBA

IAPP Fellow of Information Privacy
CISA, CIPM, CIPP/C, PbD Ambassador
@PrivacyCDN <https://twitter.com/PrivacyCDN> & Privacist

On 1 March 2017 at 04:04, Allan Foster <allan.foster at forgerock.com> wrote:

> So in theory,  I am kinda agnostic about the WG.  however,  this brings up
> an interesting chicken and egg issue.
>
> Surely we should be looking at specific work products that we should work
> on,  and then try and find them a home?  I have a gut feeling that much of
> GDPR is going to find homes in several of our workgroups.  For example
> privacy,  and consent receipts already are being addressed....  Federation
> Interop might actually have some valid input as well...
>
>
> I suggest we work on what work items we want to do,  and THEN find them a
> home?
>
> Allan
>
>
> On 2/28/17 4:30 PM, Colin Wallis wrote:
>
> Good discussion.
>
> I like the cadence (Jeeez I'm starting to hate that term) of toolkits
> because UMA has used that approach successfully, and leveraging successful
> things typically results in more success.
>
> I would have thought a time-bound DG is appropriate, else you risk
> breaking your own rules Mr Hughes..:-).
>
> Cheers
>
> On Tue, Feb 28, 2017 at 11:53 PM, Andrew Hughes <
> andrewhughes3000 at gmail.com> wrote:
>
>> OK - that would be interesting
>>
>> I'm also wondering if any of our members are doing work related to GDPR
>> and could use some Kantara tools to help - sample text, some of the lists
>> and categories coming soon from consent receipt, hmmmm...
>>
>> On Tue, Feb 28, 2017 at 3:49 PM Salvatore D'Agostino <sal at idmachines.com>
>> wrote:
>>
>>> So how about a contribution from each of the DGs, WGs on a single aspect
>>> of their effort for sharing in a toolkit.  I we need to have the groups
>>> contribute and be directly involved or you cross wires.  Challenge is
>>> bandwidth per usual.
>>>
>>>
>>>
>>> So for IRM it might be a GDPR use case as a way to exercise a
>>> relationship manager effort in the next phase of work.
>>>
>>>
>>>
>>> *From:* lc-bounces at kantarainitiative.org [mailto:lc-bounces at kantarainit
>>> iative.org] *On Behalf Of *Andrew Hughes
>>> *Sent:* Tuesday, February 28, 2017 6:15 PM
>>> *To:* Mark OCG <m.lizar at openconsentgroup.com>
>>> *Cc:* Julian Ranger <julian at digi.me>; Robin Wilton <wilton at isoc.org>;
>>> Kantara Leadership Council < <lc at kantarainitiative.org>
>>> lc at kantarainitiative.org>
>>> *Subject:* Re: [KI-LC] GDPR and Kantara approach question
>>>
>>>
>>>
>>> Hi mark - yes it is vague - I'm looking for opinions.
>>>
>>> The only thing behind this is that I was wondering if there could/should
>>> be a "Kantara GDPR Toolkit"
>>>
>>> Because I keep hearing that there is great demand for assistance and I'm
>>> wondering it Kantara can do something useful for the community.
>>>
>>> Andrew.
>>>
>>> On Tue, Feb 28, 2017 at 2:56 PM Mark OCG <
>>> <m.lizar at openconsentgroup.com>m.lizar at openconsentgroup.com> wrote:
>>>
>>> Hi Andrew,
>>>
>>>
>>>
>>> This is all bit vague. Not clear from what perspective Kantara should be
>>> inclined to ‘do something’ for the GDPR.
>>>
>>>
>>>
>>> As you may or may not be aware Data Protection and Data Control mitigate
>>> each other in terms of risk and liability.  GDPR is fundamentally about
>>> data protection. Standards address risk and liability in different ways.
>>>
>>>
>>>
>>> It is conceivable that Kantara could have a program that spans this
>>> space - but not sure if a GDPR centric approach would achieve such a
>>> result.   Perhaps evaluating how Kantara efforts relate to GDPR might be
>>> fruitful?  A little survey perhaps?
>>>
>>>
>>>
>>> Is there a deeper insight/motivation missing from this email ?
>>>
>>>
>>>
>>> *Mark Lizar*
>>>
>>> CEO Open Consent Group
>>>
>>>
>>>
>>>
>>>
>>> On 28 Feb 2017, at 21:53, Andrew Hughes < <andrewhughes3000 at gmail.com>
>>> andrewhughes3000 at gmail.com> wrote:
>>>
>>>
>>>
>>> I'm not sure if we need a DG or not - there are some very specific
>>> things about GDPR (and lots of analysis everywhere)
>>>
>>> I'm also hoping that this will bring new faces to the table.
>>>
>>> On Tue, Feb 28, 2017 at 1:52 PM Ken Dagg < <kendaggtbs at gmail.com>
>>> kendaggtbs at gmail.com> wrote:
>>>
>>> As much as I don't want to spread Kantara's thin participative resources
>>> thinner I think that your suggestion of a new WG makes sense. A new WG
>>> would enable a keen focus on GDPR without the distraction of what the other
>>> WG's are attempting to achieve. Does it make sense to start with a DG to
>>> identify what things need to be done and in what order or is that the first
>>> task of the WG?
>>>
>>>
>>>
>>> Ken
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Feb 28, 2017 at 4:14 PM Andrew Hughes <
>>> <andrewhughes3000 at gmail.com>andrewhughes3000 at gmail.com> wrote:
>>>
>>> Hi LC and (some) Board of Directors...
>>>
>>>
>>>
>>> I've been wrestling with how Kantara would best serve the community with
>>> respect to GDPR.
>>>
>>>
>>>
>>> Many of the WGs have work products and knowledge that is relevant to
>>> GDPR topics. But whenever I try to think about what it would mean to ask
>>> for GDPR-specific work inside any particular WG I hit mental roadblocks.
>>>
>>>
>>>
>>> So, how does this different approach sound to you all:
>>>
>>>
>>>
>>> Start a WG whose goal is to build a 'Kantara GDPR Toolkit' comprised of
>>> guidance, profiles of selected standards, pointers to useful analysis
>>> reports (inside and outside of Kantara), and other technical or
>>> recommendation stuff.
>>>
>>>
>>>
>>> It would help ease the tension between addressing the near term demands
>>> to 'do something' for GDPR and help to harness the bits and pieces of work
>>> inside and near Kantara. It would possibly avoid distracting the WGs from
>>> their main work products that are for the longer term.
>>>
>>>
>>>
>>> Looking for opinions and alternative views on this please
>>>
>>>
>>>
>>> andrew.
>>>
>>> _______________________________________________
>>> LC mailing list
>>> <LC at kantarainitiative.org>LC at kantarainitiative.org
>>> <http://kantarainitiative.org/mailman/listinfo/lc>
>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>
>>> --
>>>
>>> Kenneth Dagg Independent Consultant Identification and Authentication
>>> 613-825-2091 <%28613%29%20825-2091>kendaggtbs at gmail.com
>>>
>>> --
>>>
>>> *Andrew Hughes *CISM CISSP
>>> Independent Consultant
>>> *In Turn Information Management Consulting*
>>>
>>> o  +1 650.209.7542 <%28650%29%20209-7542>
>>> m +1 250.888.9474 <%28250%29%20888-9474>
>>> 1249 Palmer Road,
>>> Victoria, BC V8P 2H8
>>> AndrewHughes3000 at gmail.com
>>> ca.linkedin.com/pub/andrew-hughes/a/58/682/
>>> *Identity Management | IT Governance | Information Security *
>>>
>>> _______________________________________________
>>> LC mailing list
>>> LC at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>
>>>
>>>
>>> --
>>>
>>> *Andrew Hughes *CISM CISSP
>>> Independent Consultant
>>> *In Turn Information Management Consulting*
>>>
>>> o  +1 650.209.7542 <%28650%29%20209-7542>
>>> m +1 250.888.9474 <%28250%29%20888-9474>
>>> 1249 Palmer Road,
>>> Victoria, BC V8P 2H8
>>> <AndrewHughes3000 at gmail.com>AndrewHughes3000 at gmail.com
>>> ca.linkedin.com/pub/andrew-hughes/a/58/682/
>>> *Identity Management | IT Governance | Information Security *
>>>
>> --
>>
>> *Andrew Hughes *CISM CISSP
>> Independent Consultant
>> *In Turn Information Management Consulting*
>>
>> o  +1 650.209.7542 <%28650%29%20209-7542>
>> m +1 250.888.9474 <%28250%29%20888-9474>
>> 1249 Palmer Road,
>> Victoria, BC V8P 2H8
>> AndrewHughes3000 at gmail.com
>> ca.linkedin.com/pub/andrew-hughes/a/58/682/
>> *Identity Management | IT Governance | Information Security *
>>
>> _______________________________________________
>> LC mailing list
>> LC at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/lc
>>
>>
>
>
> --
> Executive Director
> Kantara Initiative Inc. <https://kantarainitiative.org/>
> Cell: +44 (0)7490 266 778 <+44%207490%20266778>
>
>
>
> _______________________________________________
> LC mailing listLC at kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/lc
>
>
> --
> Simplify Email: Email Charter <http://emailcharter.org/>
>
> [image: ForgeRock Logo] *Allan  Foster - Forge Rock *
> *Vice President Global Partner Enablement*
> *Location:* Vancouver, WA, US
> *p:* +1.360.229.7102 <(360)%20229-7102>
> *email:* <allan.foster at forgerock.com>allan.foster at forgerock.com
> *www:* www.forgerock.com
> *www:* www.forgerock.org
> *blogs:* blogs.forgerock.com/GuruAllan
>
> _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc
>
>

-- 

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and 
delete this e-mail from your system. If you are not the intended recipient 
you are notified that disclosing, copying, distributing or taking any 
action in reliance on the contents of this information is strictly 
prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20170301/76c884e9/attachment-0001.html>


More information about the LC mailing list