Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version 6

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Potential Work Items - Detailed Descriptions

NOTE FOR SUBMISSIONS--Please include:

  • Title
  • Contributor (name/affiliation)
  • Scope of Work
  • Desired output (i.e. position paper/technical paper)
  • Intended Audience (i.e. submission to policy body/publication on P3 Working Group site etc.)
  • Editor, co-editor, contributors
  • Target date for completion

MODEL PRIVACY POLICY

Contributor

Jeff Stollman / Iain Henderson

Scope of Work

P3wg can make a valuable contribution to privacy by crafting a model Privacy Policy. This model policy would consist of multiple choice options for the various standard elements of a privacy policy (e.g., what information we collect, with whom we share the information, how we protect the information). This would allow the sites adopting the model policy to rapidly craft comprehensive policies. But more importantly, the use of a standard model would have extensive benefits for users asked to sign the policy.

...

note (from Iain) - the Information Sharing Group will be developing equivalent 'information sharing agreements' as seen from the individual perspective; i.e. 'I will let you have data type X for purpose Y, subject to constraint Z'. If the two workgroups collaborate then we'd have the ability to icon based, machine readable policies agreements at both ends of the data sharing pipe.

Desired Output

Output 1

Privacy policy template(s) that can be used by enterprises collecting Personally Identifiable Information (PII) that cover most common policy considerations and offers a fixed menu of choices.

Output 2

Consumer guidance on the impact of their decisions in accepting/rejecting the various terms of the privacy policy.

Intended Audience

Output 1

Enterprises collecting Personally Identifiable Information (PII).

Output 2

Consumers.

Editor, co-editor, contributors

Jeff Stollman

Target date for completion

  Output 1

The first draft privacy policy template will be developed by the end of Q1, 2010.

Output 2

Draft consumer guidance for the first privacy template will be developed 60 after the template is completed.

CONSENT AND ANTI-PATTERNS

Proposal is that P3 collect examples of consent anti-patterns... i.e. if we see real instances of poor practice in the collection of user data, or presumed consent, or making service provision conditional on acceptance of privacy-hostile terms, etc to record these instances (not with the intent of alienating the service provider concerned).

...

A link to a page with Consent and AntiPattern examples

PRIVACY RISK ASSESSMENT

Contributor

Jeff Stollman

Scope of Work

P3wg can make a valuable contribution to privacy by crafting a Privacy Risk Assessment. To date, this type of assessment has not been done even though it is a fundamental to any privacy risk analysis. Current discussions of risk rely on citing of examples of breaches, but have not evaluated which data items subject a person to the most risk.

...

7.  identify follow-on work

Desired Output

A detailed analysis that identifies and prioritizes the risks associated with each data item.

Intended Audience

Government regulators, consumers, enterprises that collect PII.

Editor, co-editor, contributors

Jeff Stollman

Target date for completion

This is a massive effort and will not be completed using only voluntary labor.  One of the inital tasks will be to identify sponsors to help fund the effort. This alone could take months.  Depending on the funding provided, an analysis could be completed within 90 days.