[KI-LC] GDPR and Kantara approach question

Andrew Hughes andrewhughes3000 at gmail.com
Wed Mar 1 08:42:02 CST 2017


This is why I'm testing this team on what, if anything, Kantara needs to do
to help our members and the community address GDPR.

We know there's a new industry forming up around it - and if we wait until
implementation time it will be too late & our work products will go
unnoticed. So my feeling is that now is the time to get organized about
what Kantara can offer.

andrew.

*Andrew Hughes *CISM CISSP
Independent Consultant
*In Turn Information Management Consulting*

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com
ca.linkedin.com/pub/andrew-hughes/a/58/682/
*Identity Management | IT Governance | Information Security *

On Wed, Mar 1, 2017 at 6:36 AM, John Wunderlich <john at wunderlich.ca> wrote:

> Thanks Allan, for voicing what was in the back of my mind as well. The
> GDPR - since it's not implemented yet - serves as kind of a Rorschach test.
> You take away from it what you bring to it. It's a big piece of legislation
> with many potential impacts. But it seems to me that as people start to
> grapple with the GDPR in terms of real world prospects  &  problems (to
> your point about specific work products) or prospect new work group ideas
> will emerge or existing work groups will need to factor this into their
> roadmaps. Otherwise we might hare madly off in all directions.
>
> For example, one question I have is whether an identity federation
> qualifies as 'profiling' under the GDPR. If so are all the participants in
> a federation controllers per GDPR with obligations to individuals? Might be
> something for OTTO to look at...or not.
>
> JW
>
>
>
> John Wunderlich, BA, MBA
>
> IAPP Fellow of Information Privacy
> CISA, CIPM, CIPP/C, PbD Ambassador
> @PrivacyCDN <https://twitter.com/PrivacyCDN> & Privacist
>
> On 1 March 2017 at 04:04, Allan Foster <allan.foster at forgerock.com> wrote:
>
>> So in theory,  I am kinda agnostic about the WG.  however,  this brings
>> up an interesting chicken and egg issue.
>>
>> Surely we should be looking at specific work products that we should work
>> on,  and then try and find them a home?  I have a gut feeling that much of
>> GDPR is going to find homes in several of our workgroups.  For example
>> privacy,  and consent receipts already are being addressed....  Federation
>> Interop might actually have some valid input as well...
>>
>>
>> I suggest we work on what work items we want to do,  and THEN find them a
>> home?
>>
>> Allan
>>
>>
>> On 2/28/17 4:30 PM, Colin Wallis wrote:
>>
>> Good discussion.
>>
>> I like the cadence (Jeeez I'm starting to hate that term) of toolkits
>> because UMA has used that approach successfully, and leveraging successful
>> things typically results in more success.
>>
>> I would have thought a time-bound DG is appropriate, else you risk
>> breaking your own rules Mr Hughes..:-).
>>
>> Cheers
>>
>> On Tue, Feb 28, 2017 at 11:53 PM, Andrew Hughes <
>> andrewhughes3000 at gmail.com> wrote:
>>
>>> OK - that would be interesting
>>>
>>> I'm also wondering if any of our members are doing work related to GDPR
>>> and could use some Kantara tools to help - sample text, some of the lists
>>> and categories coming soon from consent receipt, hmmmm...
>>>
>>> On Tue, Feb 28, 2017 at 3:49 PM Salvatore D'Agostino <sal at idmachines.com>
>>> wrote:
>>>
>>>> So how about a contribution from each of the DGs, WGs on a single
>>>> aspect of their effort for sharing in a toolkit.  I we need to have the
>>>> groups contribute and be directly involved or you cross wires.  Challenge
>>>> is bandwidth per usual.
>>>>
>>>>
>>>>
>>>> So for IRM it might be a GDPR use case as a way to exercise a
>>>> relationship manager effort in the next phase of work.
>>>>
>>>>
>>>>
>>>> *From:* lc-bounces at kantarainitiative.org [mailto:lc-bounces at kantarainitiative.org] *On Behalf Of *Andrew Hughes
>>>> *Sent:* Tuesday, February 28, 2017 6:15 PM
>>>> *To:* Mark OCG <m.lizar at openconsentgroup.com>
>>>> *Cc:* Julian Ranger <julian at digi.me>; Robin Wilton <wilton at isoc.org>;
>>>> Kantara Leadership Council <lc at kantarainitiative.org>
>>>> *Subject:* Re: [KI-LC] GDPR and Kantara approach question
>>>>
>>>>
>>>>
>>>> Hi mark - yes it is vague - I'm looking for opinions.
>>>>
>>>> The only thing behind this is that I was wondering if there
>>>> could/should be a "Kantara GDPR Toolkit"
>>>>
>>>> Because I keep hearing that there is great demand for assistance and
>>>> I'm wondering if Kantara can do something useful for the community.
>>>>
>>>> Andrew.
>>>>
>>>> On Tue, Feb 28, 2017 at 2:56 PM Mark OCG <m.lizar at openconsentgroup.com> wrote:
>>>>
>>>> Hi Andrew,
>>>>
>>>>
>>>>
>>>> This is all a bit vague. Not clear from what perspective Kantara should
>>>> be inclined to ‘do something’ for the GDPR.
>>>>
>>>>
>>>>
>>>> As you may or may not be aware Data Protection and Data Control
>>>> mitigate each other in terms of risk and liability.  GDPR is fundamentally
>>>> about data protection. Standards address risk and liability in different
>>>> ways.
>>>>
>>>>
>>>>
>>>> It is conceivable that Kantara could have a program that spans this
>>>> space - but not sure if a GDPR centric approach would achieve such a
>>>> result.   Perhaps evaluating how Kantara efforts relate to GDPR might be
>>>> fruitful?  A little survey perhaps?
>>>>
>>>>
>>>>
>>>> Is there a deeper insight/motivation missing from this email ?
>>>>
>>>>
>>>>
>>>> *Mark Lizar*
>>>>
>>>> CEO Open Consent Group
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 28 Feb 2017, at 21:53, Andrew Hughes <andrewhughes3000 at gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> I'm not sure if we need a DG or not - there are some very specific
>>>> things about GDPR (and lots of analysis everywhere)
>>>>
>>>> I'm also hoping that this will bring new faces to the table.
>>>>
>>>> On Tue, Feb 28, 2017 at 1:52 PM Ken Dagg <kendaggtbs at gmail.com> wrote:
>>>>
>>>> As much as I don't want to spread Kantara's thin participative
>>>> resources thinner I think that your suggestion of a new WG makes sense. A
>>>> new WG would enable a keen focus on GDPR without the distraction of what
>>>> the other WG's are attempting to achieve. Does it make sense to start with
>>>> a DG to identify what things need to be done and in what order or is that
>>>> the first task of the WG?
>>>>
>>>>
>>>>
>>>> Ken
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Feb 28, 2017 at 4:14 PM Andrew Hughes <andrewhughes3000 at gmail.com> wrote:
>>>>
>>>> Hi LC and (some) Board of Directors...
>>>>
>>>>
>>>>
>>>> I've been wrestling with how Kantara would best serve the community
>>>> with respect to GDPR.
>>>>
>>>>
>>>>
>>>> Many of the WGs have work products and knowledge that is relevant to
>>>> GDPR topics. But whenever I try to think about what it would mean to ask
>>>> for GDPR-specific work inside any particular WG I hit mental roadblocks.
>>>>
>>>>
>>>>
>>>> So, how does this different approach sound to you all:
>>>>
>>>>
>>>>
>>>> Start a WG whose goal is to build a 'Kantara GDPR Toolkit' comprised of
>>>> guidance, profiles of selected standards, pointers to useful analysis
>>>> reports (inside and outside of Kantara), and other technical or
>>>> recommendation stuff.
>>>>
>>>>
>>>>
>>>> It would help ease the tension between addressing the near term demands
>>>> to 'do something' for GDPR and help to harness the bits and pieces of work
>>>> inside and near Kantara. It would possibly avoid distracting the WGs from
>>>> their main work products that are for the longer term.
>>>>
>>>>
>>>>
>>>> Looking for opinions and alternative views on this please
>>>>
>>>>
>>>>
>>>> andrew.
>>>>
>>>> _______________________________________________
>>>> LC mailing list
>>>> LC at kantarainitiative.org
>>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>>
>>>> --
>>>>
>>>> Kenneth Dagg Independent Consultant Identification and Authentication
>>>> 613-825-2091 kendaggtbs at gmail.com
>>>>
>>
>>
>> --
>> Executive Director
>> Kantara Initiative Inc. <https://kantarainitiative.org/>
>> Cell: +44 (0)7490 266 778
>>
>>
>>
>>
>>
>> --
>> Simplify Email: Email Charter <http://emailcharter.org/>
>>
>> *Allan  Foster - Forge Rock *
>> *Vice President Global Partner Enablement*
>> *Location:* Vancouver, WA, US
>> *p:* +1.360.229.7102
>> *email:* allan.foster at forgerock.com
>> *www:* www.forgerock.com
>> *www:* www.forgerock.org
>> *blogs:* blogs.forgerock.com/GuruAllan
>>
>>
>>
>
>