Versions Compared

Old Version 15

changes.mady.by.user Former user

Saved on

compared with

New Version 16

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Title
  • Contributor (name/affiliation)
  • Scope of Work
  • Desired output (i.e. position paper/technical paper)
  • Intended Audience (i.e. submission to policy body/publication on P3 Working Group site etc.)
  • Editor, co-editor, contributors
  • Target date for completion

Model Privacy Policy

...

Contributor

Jeff Stollman / Iain Henderson

...

A link to a page with Consent and AntiPattern examples

Privacy Risk Assessment

Contributor

Jeff Stollman

Scope of Work

P3wg can make a valuable contribution to privacy by crafting a Privacy Risk Assessment. To date, this type of assessment has not been done even though it is a fundamental to any privacy risk analysis. Current discussions of risk rely on citing of examples of breaches, but have not evaluated which data items subject a person to the most risk.

...

1. Is the privacy risk of establishing a national ID program in country X, worth the reduction in the risk of terrorism? Does a national ID program in country X actually increase the risk of terrorism through increased risk to privacy?
2. Can the privacy risk exposures to Company Y of holding various Personally Identifiable Information (PII) on its clients be reduced by selecting different data items for authentication and/or marketing purposes?
3. What level of regulatory penalties would be effective in compelling enterprises to better protect employee/customer PII?
4. Will the resulting risk reduction justify Company Z's investment in implementing better PII protection policies?

The scope of work will include the following activities:

1.  size and scope the effort

2.  identify sponsors

3.  obtain funding

4.  design methodology

5.  conduct research

6.  summarize findings

7.  identify follow-on work

Desired Output

A detailed analysis that identifies and prioritizes the risks associated with each data item.

Intended Audience

Government regulators, consumers, enterprises that collect PII.

Editor, co-editor, contributors

Jeff Stollman

Target date for completion

This is a massive effort and will not be completed using only voluntary labor.  One of the inital tasks will be to identify sponsors to help fund the effort.  This alone could take months.  Depending on the funding provided, an analysis could be completed within 90 days.