P3WG - Privacy Framework Sub-Committee Reference Library
The documents referenced here do not indicate endorsement or other support by the sub-committee. They are included here for reference only.
- ITSPA Privacy Management Reference Model 2.0
- ITSPA Analysis of Privacy Principles
- AICPA/CICA Generally Accepted Privacy Principles
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- Directive 95/46/EC ofthe European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- "The Personal Information Protection and Electronic Documents Act." Office of the Privacy Commissioner of Canada. 13 Apr 2000. (link currently unavailable)
- U.S. Safe Harbor Frameworks
- APEC Privacy Framework
- 2008 NAI Principles: The Network Advertising Initiative's Self-Regulatory Code of Conduct
- Privacy Policy Guidance Memorandum. US. Department of Homeland Security. 29 Dec 2008
- US. Department of Health and Human Services "Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information."
- Jim Purves' technical briefing paper on authentication processes for the UK Government Gateway
- There's a lot of detail in Jim's document, but for our purposes, I recommend a look at p.40, (section 4.53) which describes a generic registration process (generic in the sense of 'across UK Government Gateway service/user types', not necessarily universally applicable).
- UK Government's general Authentication Framework
- Interestingly, this defines both the kinds of data to be collected in support of a registration/enrolment, and also the mapping to OMB 404-style LoAs (which the OMB 'borrowed' from the UK strategy a few years back).