[WG-P3] Privacy Management Framework: Work Stream Item

Robin Wilton futureidentity at fastmail.fm
Wed May 26 11:17:53 EDT 2010

Sorry, I hit "Send" sllightly prematurely.

I meant to explain, in a footnote, that the current working title for
29190 is "Privacy Capability Assessment Model", following some input to
the ISO group about existing good practice under the heading of
"Capability Assessment Models". It seemed to make a lot of sense to 
(i) align with existing terminology and
(ii) neatly side-step any Carnegie Mellon University hassle over
"Capability Maturity Model", which phrase they have registered as a
"Service Mark"


On Wed, 2010-05-26 at 16:14 +0100, Robin Wilton wrote:
> Thanks Mark - 
> As you say, one of the potential inputs to this piece of work is the
> draft of ISO 29190 (Privacy Capability Assessment Model*). However, as
> it's a draft ISO document, I believe the only way we can share it among
> P3 participants is if those interested sign an NDA and agree not to
> share it elsewhere.
> Brett, by copy, have I remembered that correctly, and do you still have
> the NDA?
> What I suggest is that anyone who has indicated their interest via
> Doodle should next be invited to sign the NDA... Then I could send round
> a copy of the draft as a discussion item.
> Hope this helps- 
> Robin
> On Wed, 2010-05-26 at 14:11 +0100, Mark Lizar wrote:
> > 
> > 
> > Dear All,
> > 
> > This topic has been listed as a Charter Item for the P3 workgroup and
> > I know there has been a lot of work evolving in this area over the
> > last few months.
> > 
> > This was the most popular work item on the work stream list, as almost
> > everyone showed interest in being involved on this topic, it is
> > clearly important to the membership of P3, and as secretary, I invite
> > people to post their thoughts, efforts, and IP that can be donated (if
> > any) on this work-stream item to the list.
> > 
> > As such, I would like to stimulate this topic on the list and see if
> > this effort can be updated. My understanding is that the intention was
> > to create a framework that would support assessment of a site's
> > (organisations) privacy in the same way that the IAF assesses identity
> > assurance.  The thought was that the same level of rigor needs to be
> > applied to privacy assurance as identity assurance.  
> > 
> > 
> > I understand that their are both bottom up approaches with people
> > asserting privacy and the top down approaches with organisations
> > protecting privacy.  I know that there has been some excellent work on
> > the top down approach by Iain Henderson.  Personally I am currently
> > researching various trust frameworks and their impact on privacy
> > management from the bottom up and would like to contribute a public
> > policy framework to this effort.  
> > 
> > In addition, the ISO document (mentioned in the last call as a global
> > update on Privacy Regulations) being published will greatly inform any
> > effort working on a Privacy Management Framework. To this end, I would
> > like to invite further discussion on the P3 list, to ask if anyone is
> > producing a white paper in this area, and ultimately, to see if there
> > is an effort or work already under way that can be contributed to this
> > effort.
> > 
> > 
> >  I have created a doodle poll to arrange a call to discuss any inputs
> > put forward and thoughts on the direction and future of this activity
> > in P3.  As Iain, Brett, myself and Darrell have all indicated strong
> > interest, I am happy to support other efforts in this direction and
> > facilitate this work item.
> > 
> > Best Regards, 
> > 
> > 
> > Mark Lizar
> > 
> > 
> _______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2210 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-p3/attachments/20100526/96337685/attachment.bin 

More information about the WG-P3 mailing list