[WG-InfoSharing] Issue with terms and referencing terms;

Mark Lizar - OCG m.lizar at openconsentgroup.com
Thu Mar 24 13:24:29 CDT 2016


My preference is data because it makes sense that information is data that is rendered into something useful, i.e. correlated, explained, displayed or some other type of operation.

Data is the element of information.  But I am happy to go with either.  Do we need to worry about this from an interoperability perspective?

- Mark 


> On 24 Mar 2016, at 18:09, mary hodder <hodder at gmail.com> wrote:
> 
> So this has come up in IDESG and in other standards NIST has done, and also with other orgs where we've looked at their documents.
> 
> On the one hand, the FTC recognizes PII as a term of art that means something legally and is definable.  On the other hand, IDESG and the other orgs I've seen have taken to calling it:
> 
> Personal Information instead of PII (spelled out).  The reason is that they recognize that PII is a term of art for some but not others, and because
> depending on context, some personal information becomes identifiable, and out of context or aggregated and collapsed, it's not (so) identifiable.
> 
> So they/we wanted users of the documents to have to think about context, think about what may be perceived as personal to the user, and so the definition for now (we are in the midst of a definitions review and expansion for better defs and a few more terms):
> 
> "Personal information" broadly means any information about or linked to a user <https://wiki.idesg.org/wiki/index.php?title=IDEF_Glossary_USERS> that is collected, used, transmitted, or stored in or by digital identity management functions <https://wiki.idesg.org/wiki/index.php?title=IDEF_Glossary_DIGITAL_IDENTITY_MANAGEMENT_FUNCTIONS>. 
> 
> I think Personal Information is better because it implies context, versus data which is inert without context or use. However, data as the most basic bits, and in some ways we do want to be as basic as that.
> 
> However, in the W3C Tracking (DNT) effort, they use this to get at the problem, although do not use PII or PI or user data or anything.. they just say "data":
> 
> [quote]  
> 3.3.1.2 Data Minimization, Retention and Transparency
> Data collected by a party for permitted uses must be minimized to the data reasonably necessary for such permitted uses. Such data must not be retained any longer than is proportionate to, and reasonably necessary for, such permitted uses. A party must not rely on unique identifiers if alternative solutions are reasonably available.
> 
> A party must publicly describe definite time periods for which data collected for permitted uses are retained. The party may enumerate different retention periods for different permitted uses. Data must not be used for a permitted use once the data retention period for that permitted use has expired. After there are no remaining permitted uses for given data, the data must be deleted or permanently de-identified <https://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-cr-prep.html#dfn-permanently-de-identified>.
> 
> 3.3.1.3 No Personalization
> 
> A party that collects data for a permitted use must not use that data to alter a specific user's online experience, except as specifically permitted below.  [end quote]
> 
> I think their thinking has value because they are a bunch of smart folks wrestling with similar issues.
> 
> mary
> 
> 
> 
> 
> On Thu, Mar 24, 2016 at 10:15 AM, Mark Lizar - OCG <m.lizar at openconsentgroup.com> wrote:
> Hi All, 
> 
> As I am editing the spec at the moment, I have come across a couple of issues with terms.  github issue #27 <https://github.com/KantaraInitiative/CISWG/issues/27>
> 
> First, as we no longer need to put the spec work forward to a standard development organisation to create a specification standard candidate, I think it's important to have all terms in the spec so that it is usable without having to reference external documents. 
> 
> Second, we have used the term PII as defined in ISO 29100, to refer to the consent grantee, or data subject.  It has occurred to me that the consent grantee doesn't necessarily have to be identified, to provide both personal data and consent.  As well, we are working on consent centric focus and not necessarily on the basis that all consents require personal identifiable information. 
> 
> The ISO definition is
> "personally identifiable information PII
> any information (a) that can be used to identify the person to whom such information pertains, (b) from which such information can be derived, or (c) that is or might be directly or indirectly linked to a natural person.
> 
> NOTE To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the entity holding the data, or by any other party, to identify that individual."
> 
> 
> In this regard, I am wondering if moving to the term personal data would suffice instead?
> 
> 
> Mark Lizar
> Executive Director
> Open Consent Group
> 
> Email: m.lizar at openconsentgroup.com
> Mobile: +447738382658
> Twitter: @smartopian
> 
> 
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
> 
> 
