[WG-P3] P3WG Ad Hoc group on Privacy Assessment Criteria --Minutes for 7/5
ageyer at tunitas.com
Thu Jul 5 13:02:46 EDT 2012
The minutes of today's PAC discussion are included below and also
posted at the Kantara site at
PAC Drafting Conference Call
1. Drafting Discussion --General
2. Drafting Discussion – Minimalism #2.3
• Clarified that the RP has the right to specify the information it
requires from the CSP, provided the specification is made in writing.
• If the RP has not provided written instructions, then the CSP may
provide only the information specified in the Federal Profile
• If the RP requests information that is a subset of the Federal
Profile, it should but need not be by written request.
• Identified that there is no mechanism in this document to place
minimal data collection and usage requirements on an RP, since RPs are
out of scope. Issue is placed in the parking lot for further
• Identified that there are minimal data collection and usage
requirements on the CSP for CSP purposes not directly related to the
RP authentication transactions. Issue is placed in the parking lot for
3. Drafting Discussion – Unique Identity #2.4
• Discussed the context for this requirement. Agreed that some context
explanation should be included to guide the assessor. For example,
the purpose of the persistent abstract identifier is to allow the RP to
consolidate transactions from the same individual without requiring
information about the individual’s identity.
• Agreed to include a definition of “persistent abstract identifier”
from ISO or other industry standards organization. Collin Soutar
volunteered to track down candidate definitions for next call.
• Clarified that the requirement calls for the identifier to be unique
to a specific RP. The purpose is to minimize the likelihood that
an individual can be profiled and possibly identified by combining
transactions across multiple RPs using the individual’s persistent
abstract identifier. Collin Wallis mentioned that in Canada, RPs are
not permitted to share and consolidate information in this way.
• Identified a need to include requirements for information protection
for the identifier. Absent specific requirements added to the
Requirements document, we will provide recommendations to the
assessors as to what safeguards to evaluate. We are relying on the
inclusion of information protection as a core privacy principle.
4. Parking Lot Items (Consolidated List)
• Requirements on RP for collecting only the minimal information
necessary from the CSP for its authentication transactions.
• Look ahead to Adequate Notice shows that the notice requirements
apply only to the information transmitted to an RP and not to other
uses that the CSP may have for collecting PII. There is a general
concern that requiring the disclosure of too much PII would invalidate
the voluntary participation/consent privacy principle.
• Is there a US restriction on whether Federal RP can share identity
information across RP applications?
• Need to determine what information protections/data safeguards
should be included in the assessment of Unique Identity requirements.
• Discussants felt that guidance on how the private information
collected and maintained by a CSP is protected should be part of this
5. Tasks Assigned
• Collin Soutar—identify candidate definitions from industry standards
for “persistent abstract identifier.”
• Collect the relevant working and reference documents and post them
to the P3WG site for easy reference. Ann Geyer done 6/8/2012
• When feasible, extract from passages for discussion and post them in
the meeting reminder email for easy reference. Ann Geyer done
6. Items Referred to Full P3WG: none
7. Attachments: none