Disposition of Comments: PICPR20241010

Document or Set Title: Recommendations for Privacy Enhancing Mobile Credentials v.1

Document Status: Group Approved Draft Recommendation

Originating Work Group: Privacy Enhancing Mobile Credentials (PEMC)

Comment Review Period Closing Dates: October 10 - November 23, 2024

Submitted to Leadership Council: pending comment period

Leadership Council Comments: N/A

Comment form for multiple comments:

Ref #

Page #

Line #

Comment Type: Editorial or Technical

Comment / Request

Proposed Edit / Change

WG Accepted

1.

12

222-223

Editorial or Technical

Include your comment

Recommend a change

WG lists their finding here

1.

Section 2.2.4

 

Editorial

Suggested addition of “For example, in most use cases, marketing should not be the sole or primary purpose for the collection of mobile credential data.”

Remove addition and refrain from referencing marketing/any other use case

Sentence deleted.

2

9

 

 

The diagram is a bit of a mess with the line numbers interfering with the graphic.

Line numbers removed from release version

 

3

10

195

 

Line 195, the use of the word “her” in the paragraph. In this day and age “him and her” are a questionable way to describe the human condition.

@John Wunderlich Will attempt to update before release to “their”

 

4

11

204

 

socio-technical, in other places this is one word.

Replaced socio-technical with sociotechnical throughout

 

5

19

410

 

missing a period at the end.

Fixed

 

6

20

455

 

The word “Current” got my attention. Is it not possible that ‘old’ information (however old is defined), still accurate information, could still be relevant to parties interested in the information on the mDL and presented by the Holder for a specific purpose? (I suspect many minds brighter than mine already had this discussion and decided that “Current” was OK in this explanation. Oh well.) Line 480 also mentions “currency.” Something could be “accurate” but not “current.” The accurate ‘old’ information could still be relevant. (?)

Added this note: NOTE: For these requirements, “current” is not a measure of how old the information is. For example, a home address may be current if it has not changed in 10 years and is still the ‘current’ address.

 

7

23

537

 

I’m not too keen on using the word “downstream.” I know what it means and what ‘you’ are trying to say, but I’m not sure that its use in a technical paper is appropriate. I think it is a shortcut for perhaps a longer phrase that might better define what you are trying to say here. “Downstream” is a corporate term, but not widely used by the average person. (?)

Original:

NOTE: Where Verifiers use Holder data for downstream purposes identified, whether or not this is identified in their Notice, the Verifiers should implement a system or a process to allow the Holder to understand what data has been processed.

Changed:

NOTE: Where Verifiers use Holder data for other purposes, whether or not this is identified in their Notice, the Verifiers should implement a system or a process to allow the Holder to understand what data has been processed.

 

8

26

643

 

I would insert “(PIA)” right after “A Privacy Impact Assessment”. In my property world our style is that when there is the first use of a term, as we have in this case, and subsequent use of the acronym, that the acronym is defined right after the first use of the full term.

(PIA) added

 

9

28

 

 

Should the “Note” in “Biometric” end with something like this: “…retina scans, or other features, or a combination of features.” ?? Are there cases, or will there be cases, when more than a singular biometric feature will be used to establish identity of a natural person? Seems possible to me, although I do not have a current example for you.

Updated to read:

Note: Biometrics are treated throughout this document as inherently sensitive data, and can include facial images, fingerprints, retina scans, or other features or combinations of features.

 

10

30

 

 

“Holder” then “Note”, I was taught by a bright lawyer I know that “and/or” is poor form and lazy use of language. On the other hand I am not offering a ‘correction.’ I’ll leave that up to the group.

Updated note reads:

Note: Delegates are handled elsewhere in this document. In those cases, the delegate may ‘hold’ the device or use the app on behalf of the natural person.

 

11

30

 

 

“Identity proofing.” Why the three dots … before “This is the process…” ? And to be consistent, the word “proofing” in the “Term” column should be capitalized.

No change. The ellipsis indicates that the words following are a continuation of the text from the source.

 

12

30

 

 

“Identity Provider” Does the “AKA” here stand for the usual “also known as”? And I assume “SP” Stands for “Service Provider.” ? And, is it proper to keep the little footnote number at the end of the definition when there is no footnote shown on this page?

Removed the footnote number, but left the rest unchanged as a quote from the indicated source.

 

13

31

 

 

I think to be consistent with your style that “Mobile Driver’s License” should have a cap “D” and “L”. And I have a question about the AAMVA definition. I have concern, maybe a question, about the word “same.” Is it not possible, even likely, that there will be or could be a ton more data on an mDL than on a ‘plastic’ driver’s license?

Changed Mobile driver’s license to mobile Driver’s License.

The rest is unchanged and can be discussed by the group.

 

 

14

32

 

 

Cap issue with the Term “Operational Circumstances”. Same for the “Personal Information” below.

Changed to Title Case

 

15

33

 

 

“Relying Party.” Here you use “IDP” but on page 30 you use “IdP”. I think you need a lower case “d” here.

Unchanged. This was from the source IDPro Body of Knowledge.

Agree not completely user friendly.

 

16

34

 

 

OK, I know what “GDPR” is. But much of the world does not. As this is first use in this paper, you should spell it out.

Done

 

17

34

 

 

Under “Term”, “Design” should be a cap “D”.

Fixed

 

18

35

 

 

“and/or” shows up again.

Fixed

 

19

36

 

 

Line 679 Missing a period at the end??

Fixed

 

20

37

 

 

Line 694. I would remove the word “written.” A sign is a sign, written or electronic.

Changed

 

21

37

 

 

Line 697 Missing a period at the end??

Fixed