[Wg-p3] P3wg minutes from call Friday 18 SEP--NOTES ONLINE, UPDATE TO SEPT 24 CALL TIME

Britta Glade britta at kantarainitiative.org
Sat Sep 19 17:57:21 PDT 2009


The notes are now available on the P3WG wiki:

http://kantarainitiative.org/confluence/display/p3wg/Sept.+18%2C+2009+P3WG+Meeting+Minutes

Please note that in these notes the time for the next call has changed from
what was previously circulated.  This group will meet weekly on Thursdays at
a standing time of 8 am PT/11 am ET/15:00 UTC.  I will update your calendar
accordingly, but please make that update to your diaries now.

--b.

On Sat, Sep 19, 2009 at 11:55 AM, j stollman <stollman.j at gmail.com> wrote:

> All,
>
> Below are the draft minutes from our last call.
>
> [Britta if you would be so kind as to post these as I remain unable to do
> so because of permissions.]
>
>
> Call Held:  Thursday 18 SEP, 2009 @ 15:00 UTC
>
>
>
>   US/Canada toll-free number:  1.866.305.1460
>     * Direct dial (toll) number: +1.416.620.1296
>     * Attendee Code: 9247530
>
>
>
> ATTENDEES:
>
> Jeff Stollman
>
> Bob Pinheiro
>
> Colin Soutar
>
> Mark Lizare was unable to connect
>
>
> QUORUM was not met.
>
>
>
> REGRETS:
>
> Iain Henderson
>
> Susan Landau
>
> Robin Wilton
>
>
>
> AGENDA
>
> 1.       Roll call
>
> 2.       ICAM letter status (Jeff)
>
> a.       ICAM’s announcement
>
> b.      Ballot Results
>
> c.       Next actions
>
>                                                                i.      Operating
> Procedures, section 3.7¸ which states: All Participants present at a WG
> meeting are voting members of the WG. For the purpose of maintaining a
> reasonable ability to achieve Quorum, any Participant in a WG who fails to
> attend two consecutive meetings of the WG may, at the discretion of the
> Chair, be re-classified as a non-voting member. Voting member status may be
> reacquired by attending a meeting of the WG. In the case of an electronic
> vote of the WG, if the electronic vote occurs while a Participant is in
> non-voting status, the Participant may not vote in that electronic vote.
>
>                                                              ii.      *ACTION
> ITEM:* Chair to contact those who are not in compliance to clarify voting
> intentions. Results to be displayed in our “Roster” section.
>
>                                                             iii.      Recommendation
> to add an “observer status” option to the GPA. Several voiced interest in
> participating in the WG but not desiring vote status at this point.
>
>                                                            iv.      *ACTION
> ITEM*: Britta is already sending these recommendations to the LC chair, as
> a result of them having been brought up in an IAWG call.
>
> 3.       US Federal Trade Commission (FTC) Privacy Roundtable 07 DEC in
> Washington, DC (Mark Lizare)
>
> a.       FTC’s Focus
>
>                                                                i.      What
> risks, concerns, and benefits arise from the collection, sharing, and use of
> consumer information?  For example, consider the risks and/or benefits of
> information practices in the following contexts: retail or other commercial
> environments involving a direct consumer-business relationship; data broker
> and other business-to-business environments involving no direct consumer
> relationship; platform environments involving information sharing with third
> party application developers; the mobile environment; social networking
> sites; behavioral advertising; cloud computing services; services that
> collect sensitive data, such as information about adolescents or children,
> financial or health information, or location data; and any other contexts
> you wish to address.
>
> 1.       Jeff:  We should submit a recommendation that FTC develop a
> methodology/metrics for measuring risk of improper use of Personally
> Identifiable Information (PII).
>
> a.       Physical harm (e.g., from government or rebel groups)
>
> b.      Financial harm (e.g., from governments, criminals)
>
> c.       Reputational harm
>
> d.      National security
>
> 2.       Risk needs to be measured at a data item level, not merely PII as
> a class
>
> 3.       Jeff: I’ll create a draft description of this recommendation and
> post it/distribute it to group for review and comment.
>
>                                                              ii.      Are
> there commonly understood or recognized consumer expectations about how
> information concerning consumers is collected and used? Do consumers have
> certain general expectations about the collection and use of their
> information when they browse the Internet, participate in social networking
> services, obtain products from retailers both online and offline, or use
> mobile communications devices? Is there empirical data that allows us
> reliably to measure any such consumer expectations?  How determinative
> should consumer expectations be in developing policies about privacy?
>
> 1.       Bob:  Let’s find out what other countries are doing, since they
> are ahead of the US.
>
> 2.       Colin:  Other countries are mostly looking at PII as a class and
> concerning themselves with inappropriate disclosure, not with risk
> associated with disclosure.
>
>                                                             iii.      Do
> the existing legal requirements and self-regulatory regimes in the United
> States today adequately protect consumer privacy interests? If not, what are
> the particular privacy interests that warrant increased protection? How have
> changes in technology, and in the way consumer data is collected, stored,
> and shared, affected consumer privacy? What are the costs, benefits, and
> feasibility of technological innovations, such as browser-based controls,
> that enable consumers to exercise control over information collection? How
> might increased privacy protections affect technological innovation?
>
> 1.       Jeff:  Recommend standardization of privacy policies, to make
> them easier to evaluate.  If policies had a standard menu, they could be
> easily and rapidly evaluated and compared.  For example,
>
> a.       A checklist could be given for what data items are collected.
>
> b.      A second section could detail whether the information was
> disclosed to other departments of the same company, partner companies,
> third-party aggregators, third-party enterprises, government, etc.
>
> c.       A third section might include opt-in/opt-out information for
> releasing particular data.
>
> 2.       Jeff: I’ll create a draft description of this recommendation and
> post it/distribute it to group for review and comment.
>
> b.      File a comment?
>
>                                                                i.
> Bob:  Valuable to develop a position paper.  Concerned about resources to
> develop the papers.
>
>                                                              ii.
> Colin:  Like to contribute, but need someone to lead the effort.
>
>                                                             iii.      *ACTION
> ITEM*: As noted above, Jeff will create draft descriptions of
> recommendations for both risk analysis methodology and standardization of
> privacy policies and post them/distribute them to group for review and
> comment.
>
> c.       Panelist Participation?
>
>                                                                i.
> Jeff:  I would be willing to represent position paper as a panelist, since
> I live close to DC.
>
> 4.       Las Vegas Plenary Report (Jeff)
>
> a.       Broadening Participation
>
>                                                                i.      Government
> outreach
>
> 1.       eGov and P3 outreach (no update)
>
> a.       Judy Spencer
>
> b.      Dave Temoshok
>
> c.       EU ENISA
>
> d.      UK Information Commissioner's Office (RW task?)
>
> e.      Deborah Diener, US Internal Revenue Service (Brett)
>
> f.        Dawn Wiggins, US Social Security Administration (Brett)
>
> g.       Naomi Lefkovitz, US Federal Trade Commission (Brett)
>
> h.      Jim Lewis (Brett)
>
> i.         Lee Tien, ESS (Brett)
>
> j.        Ari Schwartz (Brett)
>
> k.       other suitable EU candidates (e.g. from PrimeLife or other
> projects)
>
> l.         Paul Hasson (CPO - US Visit) (RW task)
>
> 2.       eGov and P3 outreach (Jeff)
>
> a.       We agreed to work with eGov to identity candidates and determine
> which group would take the lead in pursuing government officials so as not
> to overwhelm them or confuse the issue.
>
>
> i.      Generally, higher officials would probably be pursued by eGov,
> while P3 would pursue people more on the implementation level.
>
>                                                              ii.      CPO
> outreach (Robin)
>
> 1.       Robin believes that we need to pursue CPO participation from
> commercial enterprises (including Kantara members)
>
> 2.       We are open to comments and suggestions here.
>
>                                                             iii.      Bob:
> We might need to define responsibilities of participants so they know what
> they are getting into if they join.
>
>                                                            iv.      Bob &
> Colin:  We will need to define what Kantara membership offers to
> participants lure people to join us.
>
> b.      Liaison with VPI and eGov (IAW was not in attendance)
>
>                                                                i.      Scenario
> specification
>
> 1.       Looking at Iain’s car buying scenario as a first example
>
> a.       We need to decide on a venue for this, since regulations impact
> the flow.  Current thinking is the UK.
>
> b.      Once we develop a model, we can iterate for other localities to
> determine what changes occur and the impact of these changes.
>
> 2.       Want to look at it from multiple perspectives
>
> a.       Subject
>
> b.      Identity Provider
>
> c.       Relying Party
>
> d.      Criminal
>
> e.      Bad government
>
> f.        Benign government
>
> g.       Data aggregator
>
>                                                              ii.      Bob:
> Concerned about IP issues when different IP policies are in place between
> eGov, VPI, and P3.
>
> c.       Robin will transcribe and publish notes from the Plenary sessions
>
> 5.       Next call
>
> a.       Migrate to weekly calls
>
> b.      Maintain the same call schedule to avoid confusion
>
>                                                                i.      at
> 15:00 UTC / 11:00 EDT / 08:00 PDT / 03:00 New Zealand (Friday)
>
> c.       New calls will begin on Thursday 24 SEP
>
> d.      Bob:  Can we cut down on calls with some way to focus on issues.
>
> 6.       Colin:  Kantara should create a matrix of mandates of different
> groups
>
> a.       Could include charters, call times, IP policy, etc.
>
> 7.       Tabled until next call
>
> a.       Collaboration site URL (Randy van der Hoof)
>
> b.      Comparison of US/UK LoA (Patrick Curry)
>
> c.       Broadening P3-wg participation
>
> d.      Funding ideas (Robin)
>
>                                                                i.      SmartCard
> Alliance meeting (Randy)
>
> e.      Vice-chair & secretary nominations (Robin)
>
> 8.       All other business
>
> 9.       Update Roll Call
>
>
>
> ACTIONS:
>
> 1.       Robin:
>
> a.       Develop matrix of which members attended/failed to attend recent
> calls.
>
> b.      Contact those who are not in compliance to clarify voting
> intentions. Results to be displayed in our “Roster” section.
>
> c.       Schedule next call and arrange conference bridge for Thursday 25
> SEP @ 15:00 UTC and continuing weekly after that at the same time.
>
> d.      Pursue outreach to government officials identified in Item 4.A.i.1
> above.
>
> e.      Pursue outreach to government officials identified in Item 4.A.i.2
> above.
>
> 2.       Jeff
>
> a.       Create draft descriptions of recommendations for risk analysis
> methodology and post it/distribute it to group for review and comment.
>
> b.      Create draft descriptions of recommendations for standardization
> of privacy policies and post it/distribute it to group for review and
> comment.
>
> 3.       Brett
>
> a.       Pursue outreach to government officials identified in Item
> 4.A.i.1 above.
>
> b.
>
> 4.       Iain
>
> a.       Present car-buying scenario to P3wg when initial draft is
> completed.
>
> --
> Jeff Stollman
> stollman.j at gmail.com
> 1 202.683.8699
>
> _______________________________________________
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
>
>


-- 
Britta Glade Kantara Initiative 925-254-4233
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090919/41f1f9b8/attachment-0001.html>


More information about the Wg-p3 mailing list