[WG-P3] Privacy Management Framework: Work Stream Item

Colin Wallis colin_wallis at hotmail.com
Thu May 27 02:34:01 EDT 2010




Well in theory Joni is, as the last Liason Statement was signed by Roger Martin as interim ED (2 actually - one from KI and one from LAP)

.

Joni and I helped him with the text


Cheers

Colin

 
> From: bmcdowell at paypal.com
> To: mark at smartspecies.com
> Date: Wed, 26 May 2010 13:57:36 -0600
> CC: adams at isoc.org; shull at BIPAC.org; wg-p3 at kantarainitiative.org; email at brettmcdowell.com; Matthew.Gardiner at ca.com; futureidentity at fastmail.fm; iainhenderson at mac.com; Iain at kantarainitiative.org
> Subject: Re: [WG-P3] Privacy Management Framework: Work Stream Item
> 
> No, I'm not sure what the link is.
> 
> Who is the new liaison officer from Kantara to ISO? That's who owns this action item IMHO.
> 
> 
> On May 26, 2010, at 2:30 PM, Mark L wrote:
> 
> > Thanks Brett for this update!
> > 
> > Can you provide a link for to the ISO SC27 WG5 for those of us who 
> > wish to opt-in? Perhaps we can add the liaison to the agenda of the 
> > call we are now organizing.
> > 
> > All those who interested in this PMF, It would be great to hear 
> > descriptions of what should be included in a privacy management 
> > framework discussion prior to the call.
> > 
> > Mark
> > 
> > On 26 May 2010, at 17:34, McDowell, Brett wrote:
> > 
> >> (adding Trent, Joni and Matthew)
> >> There is no NDA to sign, but they have rules of confidentiality. 
> >> The binding is not a signature on a document. When I showed up for 
> >> the ISO meeting in November I asked the Secretary for a copy of the 
> >> NDA to sign and she told me that by being in attendance and by 
> >> responding to Liaison Statements, it is part of their terms of 
> >> liaison that we (whoever we are) operate under confidentiality. I'm 
> >> sure there is something on their web site that explains this but all 
> >> I needed was her verbal description.
> >> 
> >> So, P3WG could do what IAWG is doing... the chair is sending out a 
> >> call for participation into a subgroup that will work as the Kantara 
> >> Initiative liaison team to ISO SC27 WG5. By opting-in to that 
> >> group, you are agreeing to not disclose any materials you receive 
> >> from ISO.
> >> 
> >> That's about it.
> >> 
> >> As I think about it, the Kantara liaison with ISO is bigger than any 
> >> one WG and it impacts at least three or four. So I think Joni or 
> >> Trent or Matthew should provide a central authority for coordinating 
> >> the liaison across all interested WG's. At the end of the day 
> >> Kantara needs to send only one liaison statement back to ISO... not 
> >> one from each WG.
> >> 
> >> -- Brett
> >> 
> >> 
> >> 
> >> On May 26, 2010, at 11:17 AM, Robin Wilton wrote:
> >> 
> >>> Sorry, I hit "Send" sllightly prematurely.
> >>> 
> >>> I meant to explain, in a footnote, that the current working title for
> >>> 29190 is "Privacy Capability Assessment Model", following some 
> >>> input to
> >>> the ISO group about existing good practice under the heading of
> >>> "Capability Assessment Models". It seemed to make a lot of sense to
> >>> (i) align with existing terminology and
> >>> (ii) neatly side-step any Carnegie Mellon University hassle over
> >>> "Capability Maturity Model", which phrase they have registered as a
> >>> "Service Mark"
> >>> 
> >>> Yrs.,
> >>> Robin
> >>> 
> >>> On Wed, 2010-05-26 at 16:14 +0100, Robin Wilton wrote:
> >>>> Thanks Mark -
> >>>> 
> >>>> As you say, one of the potential inputs to this piece of work is the
> >>>> draft of ISO 29190 (Privacy Capability Assessment Model*). 
> >>>> However, as
> >>>> it's a draft ISO document, I believe the only way we can share it 
> >>>> among
> >>>> P3 participants is if those interested sign an NDA and agree not to
> >>>> share it elsewhere.
> >>>> 
> >>>> Brett, by copy, have I remembered that correctly, and do you still 
> >>>> have
> >>>> the NDA?
> >>>> 
> >>>> What I suggest is that anyone who has indicated their interest via
> >>>> Doodle should next be invited to sign the NDA... Then I could send 
> >>>> round
> >>>> a copy of the draft as a discussion item.
> >>>> 
> >>>> Hope this helps-
> >>>> 
> >>>> Robin
> >>>> 
> >>>> 
> >>>> 
> >>>> On Wed, 2010-05-26 at 14:11 +0100, Mark Lizar wrote:
> >>>>> 
> >>>>> 
> >>>>> Dear All,
> >>>>> 
> >>>>> This topic has been listed as a Charter Item for the P3 workgroup 
> >>>>> and
> >>>>> I know there has been a lot of work evolving in this area over the
> >>>>> last few months.
> >>>>> 
> >>>>> This was the most popular work item on the work stream list, as 
> >>>>> almost
> >>>>> everyone showed interest in being involved on this topic, it is
> >>>>> clearly important to the membership of P3, and as secretary, I 
> >>>>> invite
> >>>>> people to post their thoughts, efforts, and IP that can be 
> >>>>> donated (if
> >>>>> any) on this work-stream item to the list.
> >>>>> 
> >>>>> As such, I would like to stimulate this topic on the list and see 
> >>>>> if
> >>>>> this effort can be updated. My understanding is that the 
> >>>>> intention was
> >>>>> to create a framework that would support assessment of a site's
> >>>>> (organisations) privacy in the same way that the IAF assesses 
> >>>>> identity
> >>>>> assurance. The thought was that the same level of rigor needs to 
> >>>>> be
> >>>>> applied to privacy assurance as identity assurance.
> >>>>> 
> >>>>> 
> >>>>> I understand that their are both bottom up approaches with people
> >>>>> asserting privacy and the top down approaches with organisations
> >>>>> protecting privacy. I know that there has been some excellent 
> >>>>> work on
> >>>>> the top down approach by Iain Henderson. Personally I am currently
> >>>>> researching various trust frameworks and their impact on privacy
> >>>>> management from the bottom up and would like to contribute a public
> >>>>> policy framework to this effort.
> >>>>> 
> >>>>> In addition, the ISO document (mentioned in the last call as a 
> >>>>> global
> >>>>> update on Privacy Regulations) being published will greatly 
> >>>>> inform any
> >>>>> effort working on a Privacy Management Framework. To this end, I 
> >>>>> would
> >>>>> like to invite further discussion on the P3 list, to ask if 
> >>>>> anyone is
> >>>>> producing a white paper in this area, and ultimately, to see if 
> >>>>> there
> >>>>> is an effort or work already under way that can be contributed to 
> >>>>> this
> >>>>> effort.
> >>>>> 
> >>>>> 
> >>>>> I have created a doodle poll to arrange a call to discuss any 
> >>>>> inputs
> >>>>> put forward and thoughts on the direction and future of this 
> >>>>> activity
> >>>>> in P3. As Iain, Brett, myself and Darrell have all indicated 
> >>>>> strong
> >>>>> interest, I am happy to support other efforts in this direction and
> >>>>> facilitate this work item.
> >>>>> 
> >>>>> Best Regards,
> >>>>> 
> >>>>> 
> >>>>> Mark Lizar
> >>>>> 
> >>>>> 
> >>>> _______________________________________________
> >>>> WG-P3 mailing list
> >>>> WG-P3 at kantarainitiative.org
> >>>> http://kantarainitiative.org/mailman/listinfo/wg-p3
> >>> <smime.p7s><ATT00001..txt>
> >> 
> > 
> 
> _______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
 		 	   		  
_________________________________________________________________
Feeling the financial pinch? Check on MSN NZ Money for a hand
http://money.msn.co.nz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20100527/223545d8/attachment-0001.html 


More information about the WG-P3 mailing list