[WG-P3] P3WG meeting / OASIS PMRM slides
TSmedinghoff at edwardswildman.com
Sat Jul 14 13:22:34 EDT 2012
This is perhaps an issue that we should address.
The problem (from a legal perspective) is that the definition of personal information subject to privacy and/or security law can vary from jurisdiction to jurisdiction, and from sector to sector. Here are definitions from some of the more often-cited laws --
The EU Data Protection Directive defines "personal data" as "any information relating to an identified or identifiable natural person ('data subject')"
The U.S. Privacy Act of 1974 (which governs federal government agencies only), applies to any disclosure of "any record which is contained in a system of records." And "record" is defined as "any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph."
The California Civil Code defines "Personal information" as "any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information."
GLB defines "Personally identifiable financial information" as "any information: (i) A consumer provides to you to obtain a financial product or service from you; (ii) About a consumer resulting from any transaction involving a financial product or service between you and a consumer; or (iii) You otherwise obtain about a consumer in connection with providing a financial product or service to that consumer."
Thomas J. Smedinghoff
Edwards Wildman Palmer LLP
225 W. Wacker Drive
Chicago, Illinois 60606
Office: +1 312-201-2021
Mobile: +1 312-545-1333
tsmedinghoff at edwardswildman.com<mailto:tsmedinghoff at edwardswildman.com>
From: wg-p3-bounces at kantarainitiative.org [mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of j stollman
Sent: Friday, July 13, 2012 5:17 AM
To: Gershon Janssen
Subject: Re: [WG-P3] P3WG meeting / OASIS PMRM slides
In lieu of the telecon yesterday, I reviewed Gershon's presentation. It prompted me to inquire, "Can we define what information needs to be kept private?"
Various organization have made various attempts to define PI and PII, but I don't think that any of them are sufficient to allow us to agree on what attributes constitute either. Will we know PI/PII when we see it?
I would be grateful if anyone could provide me with a definition that they believe would allow us to discern whether any particular attribute falls into either category.
On Thu, Jul 12, 2012 at 10:20 AM, Gershon Janssen <gershon at qroot.com<mailto:gershon at qroot.com>> wrote:
For today's P3WG meeting, I will be using the attached slides during agenda item 2 on the OASIS Privacy Management Reference Model.
WG-P3 mailing list
WG-P3 at kantarainitiative.org<mailto:WG-P3 at kantarainitiative.org>
stollman.j at gmail.com<mailto:stollman.j at gmail.com>
Truth never triumphs - its opponents just die out.
Science advances one funeral at a time.
The partnerships of Edwards Angell Palmer & Dodge LLP and Wildman, Harrold, Allen & Dixon LLP merged on October 1, 2011. The new firm is known as Edwards Wildman Palmer LLP. For more information visit edwardswildman.com.
Boston, Chicago, Ft. Lauderdale, Hartford, London, Los Angeles, Madison NJ, New York, Newport Beach, Providence, Stamford, Tokyo, Washington DC, West Palm Beach, Hong Kong (associated office)
This e-mail message from Edwards Wildman Palmer LLP and Edwards Wildman Palmer UK LLP is intended only for the individual or entity to which it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it. We take steps to protect against viruses but advise you to carry out your own checks and precautions as we accept no liability for any which remain. We may monitor emails sent to and from our server(s) to ensure regulatory compliance to protect our clients and business.
Edwards Wildman Palmer UK LLP is a limited liability partnership registered in England (registered number OC333092) and is authorised and regulated by the Solicitors Regulation Authority. A list of members' names and their professional qualifications may be inspected at our registered office, Dashwood, 69 Old Broad Street, London EC2M 1QS, UK, telephone +44 207 583 4055.
Disclosure Under U.S. IRS Circular 230: Edwards Wildman Palmer LLP informs you that any tax advice contained in this communication, including any attachments, was not intended or written to be used, and cannot be used, for the purpose of avoiding federal tax related penalties or promoting, marketing or recommending to another party any transaction or matter addressed herein.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-P3