[WG-P3] NIST 800-53, Appendix J, comments v2

Susan Landau susan.landau at privacyink.org
Fri Aug 26 10:59:23 EDT 2011

Apologies for not making the call --- and many others.  I've been on the 
OASIS PNRM calls, which are at the same time (and yesterday I had a 
meeting, so I missed both calls).

Anna, thanks much for the draft.  I have added some potential text to 
the draft (attached).  I have also included the additional text below.

Thanks --- and sorry --- again.



*Proposed addition:* We are particularly pleased by the control 
enhancements suggested, e.g., of real-time notice during collection of 
PII (p. 4), of an implementing mechanism to support itemized or tiered 
consent (p. 6), of implementing a complaint mechanism (p. 7). We think 
specifics such as these will prove particularly useful to the agencies, 
and we would like to praise NIST for including such operational advice.

*Proposed addition:* We have one suggestion for an addition to the 
text. As the Computer Security Division knows, techniques for data 
re-identification and deanonymization are constantly improving, and data 
that once appeared not to have PII now can be reidentified. We would urge 
inclusion of this point in section DM-1 (p. 10) so as to emphasize the 
importance of data minimization.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: P3WG NIST 800-53 App J comments v 2_SL comments.docx
Type: application/zip
Size: 22715 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-p3/attachments/20110826/8ce9a868/attachment-0001.zip 
