[WG-P3] Privacy Management Framework: Work Stream Item
bmcdowell at paypal.com
Wed May 26 12:34:59 EDT 2010
(adding Trent, Joni and Matthew)
There is no NDA to sign, but they have rules of confidentiality. The binding is not a signature on a document. When I showed up for the ISO meeting in November I asked the Secretary for a copy of the NDA to sign and she told me that by being in attendance and by responding to Liaison Statements, it is part of their terms of liaison that we (whoever we are) operate under confidentiality. I'm sure there is something on their web site that explains this but all I needed was her verbal description.
So, P3WG could do what IAWG is doing... the chair is sending out a call for participation into a subgroup that will work as the Kantara Initiative liaison team to ISO SC27 WG5. By opting-in to that group, you are agreeing to not disclose any materials you receive from ISO.
That's about it.
As I think about it, the Kantara liaison with ISO is bigger than any one WG and it impacts at least three or four. So I think Joni or Trent or Matthew should provide a central authority for coordinating the liaison across all interested WGs. At the end of the day Kantara needs to send only one liaison statement back to ISO... not one from each WG.
On May 26, 2010, at 11:17 AM, Robin Wilton wrote:
> Sorry, I hit "Send" slightly prematurely.
> I meant to explain, in a footnote, that the current working title for
> 29190 is "Privacy Capability Assessment Model", following some input to
> the ISO group about existing good practice under the heading of
> "Capability Assessment Models". It seemed to make a lot of sense to
> (i) align with existing terminology and
> (ii) neatly side-step any Carnegie Mellon University hassle over
> "Capability Maturity Model", which phrase they have registered as a
> "Service Mark"
> On Wed, 2010-05-26 at 16:14 +0100, Robin Wilton wrote:
>> Thanks Mark -
>> As you say, one of the potential inputs to this piece of work is the
>> draft of ISO 29190 (Privacy Capability Assessment Model*). However, as
>> it's a draft ISO document, I believe the only way we can share it among
>> P3 participants is if those interested sign an NDA and agree not to
>> share it elsewhere.
>> Brett, by copy, have I remembered that correctly, and do you still have
>> the NDA?
>> What I suggest is that anyone who has indicated their interest via
>> Doodle should next be invited to sign the NDA... Then I could send round
>> a copy of the draft as a discussion item.
>> Hope this helps-
>> On Wed, 2010-05-26 at 14:11 +0100, Mark Lizar wrote:
>>> Dear All,
>>> This topic has been listed as a Charter Item for the P3 workgroup and
>>> I know there has been a lot of work evolving in this area over the
>>> last few months.
>>> This was the most popular work item on the work stream list, as almost
>>> everyone showed interest in being involved on this topic, it is
>>> clearly important to the membership of P3, and as secretary, I invite
>>> people to post their thoughts, efforts, and IP that can be donated (if
>>> any) on this work-stream item to the list.
>>> As such, I would like to stimulate this topic on the list and see if
>>> this effort can be updated. My understanding is that the intention was
>>> to create a framework that would support assessment of a site's
>>> (organisation's) privacy in the same way that the IAF assesses identity
>>> assurance. The thought was that the same level of rigor needs to be
>>> applied to privacy assurance as identity assurance.
>>> I understand that there are both bottom up approaches with people
>>> asserting privacy and the top down approaches with organisations
>>> protecting privacy. I know that there has been some excellent work on
>>> the top down approach by Iain Henderson. Personally I am currently
>>> researching various trust frameworks and their impact on privacy
>>> management from the bottom up and would like to contribute a public
>>> policy framework to this effort.
>>> In addition, the ISO document (mentioned in the last call as a global
>>> update on Privacy Regulations) being published will greatly inform any
>>> effort working on a Privacy Management Framework. To this end, I would
>>> like to invite further discussion on the P3 list, to ask if anyone is
>>> producing a white paper in this area, and ultimately, to see if there
>>> is an effort or work already under way that can be contributed to this
>>> I have created a doodle poll to arrange a call to discuss any inputs
>>> put forward and thoughts on the direction and future of this activity
>>> in P3. As Iain, Brett, myself and Darrell have all indicated strong
>>> interest, I am happy to support other efforts in this direction and
>>> facilitate this work item.
>>> Best Regards,
>>> Mark Lizar