Weekly Meeting 2013 07 23 Notes
Information Sharing Work Group Teleconference
Date and Time
Tuesday, Jul 23 : 4:30pm PDT, 7:30pm EDT
Wednesday, Jul 24 : 12:30am UK, 9:30am JT, 11:30pm NZDT
Please join my meeting via GoToMeeting
Join the conference call
Skype: +99051000000481
US Dial-In: +1-805-309-2350
UK Dial-In: +44-20-3137-5285
Conference ID: 178-2540
GoToMeeting ID: 844-771-298
Attendees
Joe Andrieu
Lionel Klee
Nat Sakamura
Apologies
Agenda
Attendance
Approval of Prior Minutes & Other Motions
Prior Action Item Review
Continuing Business
Rechartering
New Business
Action Item Review
Next meeting schedule
Minutes
1. Attendance
We noted that with 2 of 4 voting members in attendance, quorum was met.
2. Motions
None
3. Prior Action Item Review
Joe: Needs to talk to Joni – DONE
Joe: Write a blurb re: funding for Survey – Enrolled Craig Honnick
Joe: Write a blurb re: secretary internship – No action
Mark: Set up a meeting with Joe & Iain – DONE
4. Continuing Business
Survey
Rechartering
Focus
Data safeguarding
Data minimization / ISO 29100 (minimization of access)
Collection Limitation
Versus privacy control
ISO 29100 is well regarded and aligned with the proposed EU regulation.
It outlines 11 principles for enhancing privacy:
1. Consent and choice
2. Purpose legitimacy and specification
3. Collection limitation
4. Data minimization
5. Use, retention and disclosure limitation
6. Accuracy and quality
7. Openness, transparency and notice
8. Individual participation and access
9. Accountability
10. Information security
11. Privacy compliance
These are apparently also quite similar to the New Zealand principles.
OECD publishing new principles this September. First update since 1980.
What about "Consent, Notice, and Obligations Work Group"?
Key to our focus is the nature of individual control over their data.
The ability to rescind consent. And to consent to particular, limited use, limited data exchanges.
And, above all, how does this work simply and easily enough for regular folks?
"Consent and Sharing Work Group"
"Personal Consent Work Group"
"Consent and Information Sharing Work Group"
Small instances of consent can be recorded for granular clarity about the consequences of interactions.
Scenarios
For the second survey, we want to look at five canonical situations where the label might be seen by users. If we can do that well, we'll have a good foundation for thinking about the major users. These should also be good for our own discussion.
Factor Changes:
Brand — Un/Known, Un/Favorable
Data – Contact info, name, SSN, DOB, DNA, Credit Card, Bank Info
Purpose – Payment, Delivery, FREE stuff, Website Access
Aligned & Misaligned Data & Purpose
Give data X to Y for Z
Purchase
Reservation
Reservations
Making a hotel reservation at Hotels.com, providing Credit Card details.
Making a bicycle rental reservation at Joe's SF Bike Tours, providing Credit Card details.
Content
Accessing web content at Bacardi.com, providing DOB.
Accessing web content at Nickelodeon, providing DOB.
Accessing web content at Google, providing DOB.
Photos
Upload a photo of yourself on Facebook to share with your friends
Upload a photo of your friends on Facebook to share with your friends
Upload a photo of your friends on Joe's SF Bike Tours, to help promote
Upload a photo at Bacardi.com, to enter a promotion
Upload a photo of X to Y for Z
Open a bank account
You're placed under arrest
Process: Let's look at the data and see that we have a good scenario where we would normally share it.
Hypothesis: alignment of data & purpose is a dominant factor
5. New Business
Scenarios
6. Action Items
7. Next Meeting
Tuesday July 2 : 12:30pm PDT, 3:30pm EDT, 8:30pm UK
Wednesday July 3 : 4:30am JT, 7:30am NZT
60 minutes