[WG-P3] Privacy Management Framework: Work Stream Item

Robin Wilton futureidentity at fastmail.fm
Wed May 26 11:14:12 EDT 2010

Thanks Mark - 

As you say, one of the potential inputs to this piece of work is the
draft of ISO 29190 (Privacy Capability Assessment Model*). However, as
it's a draft ISO document, I believe the only way we can share it among
P3 participants is if those interested sign an NDA and agree not to
share it elsewhere.

Brett, by copy, have I remembered that correctly, and do you still have
the NDA?

What I suggest is that anyone who has indicated their interest via
Doodle should next be invited to sign the NDA... Then I could send round
a copy of the draft as a discussion item.

Hope this helps- 



On Wed, 2010-05-26 at 14:11 +0100, Mark Lizar wrote:
> Dear All,
> This topic has been listed as a Charter Item for the P3 workgroup and
> I know there has been a lot of work evolving in this area over the
> last few months.
> This was the most popular work item on the work stream list, as almost
> everyone showed interest in being involved on this topic, it is
> clearly important to the membership of P3, and as secretary, I invite
> people to post their thoughts, efforts, and IP that can be donated (if
> any) on this work-stream item to the list.
> As such, I would like to stimulate this topic on the list and see if
> this effort can be updated. My understanding is that the intention was
> to create a framework that would support assessment of a site's
> (organisations) privacy in the same way that the IAF assesses identity
> assurance.  The thought was that the same level of rigor needs to be
> applied to privacy assurance as identity assurance.  
> I understand that their are both bottom up approaches with people
> asserting privacy and the top down approaches with organisations
> protecting privacy.  I know that there has been some excellent work on
> the top down approach by Iain Henderson.  Personally I am currently
> researching various trust frameworks and their impact on privacy
> management from the bottom up and would like to contribute a public
> policy framework to this effort.  
> In addition, the ISO document (mentioned in the last call as a global
> update on Privacy Regulations) being published will greatly inform any
> effort working on a Privacy Management Framework. To this end, I would
> like to invite further discussion on the P3 list, to ask if anyone is
> producing a white paper in this area, and ultimately, to see if there
> is an effort or work already under way that can be contributed to this
> effort.
>  I have created a doodle poll to arrange a call to discuss any inputs
> put forward and thoughts on the direction and future of this activity
> in P3.  As Iain, Brett, myself and Darrell have all indicated strong
> interest, I am happy to support other efforts in this direction and
> facilitate this work item.
> Best Regards, 
> Mark Lizar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2210 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-p3/attachments/20100526/fa4d1e2b/attachment.bin 

More information about the WG-P3 mailing list