Weekly Meeting 2013 07 23 Notes

Owned by Former user (Deleted)
Last updated: Jul 23, 2013Version comment
2 min read

Information Sharing Work Group Teleconference

Date and Time

  • Tuesday, Jul 23 : 4:30pm PDT, 7:30pm EDT
  • Wednesday, Jul 24 : 12:30am UK, 9:30am JT, 11:30pm NZDT  

  • Please join  my meeting  via GoToMeeting
  • Join the conference call
    • Skype: +99051000000481
    • US Dial-In: +1-805-309-2350
    • UK Dial-In: +44-20-3137-5285
    • Conference ID: 178-2540
    • GoToMeeting ID: 844-771-298

Attendees

  • Joe Andrieu
  • Lionel Klee
  • Nat Sakamura

Apologies

Agenda

  1. Attendance
  2. Approval of Prior Minutes & Other Motions
  3. Prior Action Item Review
  4. Continuing Business
    1. Rechartering
  5. New Business
  6. Action Item Review
  7. Next meeting schedule

Minutes

1. Attendance

We noted that with 2 of 4 voting members in attendance, quorum was met. 

2. Motions

None

3. Prior Action Item Review

  1. Joe: Needs to talk to Joni DONE
  2. Joe: Write a blurb re: funding for Survey – Enrolled Craig Honnick
  3. Joe: Write a blurb re: secretary internship – No action
  4. Mark: Set up a meeting with Joe & Iain DONE

4. Continuing Business

Survey

Rechartering

Focus
Data safeguarding

Data minimization / ISO 29100 (minimization of access)

Collection Limitation

Versus privacy control

ISO 29100 outlines 11 principles for enhancing privacy

 

ISO 29100 well regarded and aligned with proposed EU regulation:

1. Consent and choice
2. Purpose legitimacy and specification
3. Collection limitation
4. Data minimization
5. Use, retention and disclosure limitation
6. Accuracy and quality
7. Openness, transparency and notice
8. Individual participation and access
9. Accountability
10. Information security
11. Privacy compliance

These are apparently also quite similar to the New Zealand principles.

OECD publishing new principles this September.  First update since 1980.

 

What about "Consent, Notice, and Obligations Work Group"?

Key to our focus is the nature of individual control over their data.

The ability to rescind consent. And to consent to particular, limited use, limited data exchanges.

And, above all, how does this work simply and easily enough for regular folks?

"Consent and Sharing Work Group"

"Personal Consent Work Group"

"Consent and Information Sharing Work Group"

Small instances of consent can be recorded for granular clarity about the consequences of interactions.

 

 

Scenarios

For the second survey, we want to look at five canonical situations where the label might be seen by users. If we can do that well, we'll have a good foundation for thinking about the major users. These should also be good for our own discussion

Factor Changes:

Brand — Un/Known, Un/Favorable

Data – Contact info, name, SSN, DOB, DNA, Credit Card, Bank Info

Purpose – Payment, Delivery, FREE stuff, Website Access

 

Aligned & Misaligned Data & Purpose

Give data X to Y for Z

Purchase
Reservation
Reservations

Making a hotel reservation at Hotels.com, providing Credit Card details.

Making a bicycle rental reservation at Joe's SF Bike Tours, providing Credit Card details.

Content

Accessing web content at Bacardi.com, providing DOB.

Accessing web content at Nickelodeon, providing DOB.

Accessing web content at Google, providing DOB.

Photos

Upload a photo of yourself on Facebook to share with your friends
Upload a photo of your friends on Facebook to share with your friends
Upload a photo of your friends on Joe's SF Bike Tours, to help promote
Upload a photo a Bacardi.com, to enter a promotion
Upload a photo of X to Y for Z

Open a bank account
You're placed under arrest
Process: Let's look at the data and see that we have a good scenario where we would normally share it.
Hypothesis: alignment of data & purpose is a dominant factor

5. New Business

Scenarios

 

6. Action Items

 

7. Next Meeting

  • Tuesday  July 2 : 12:30 pm PDT, 3:30pm EDT,  8:30pm UK,
  • Wednesday Juy 3 : 4:30am JT, 7:30am NZT
  • 60 minutes