Weekly Meeting 2010 05 10 Notes Ratified
Information Sharing GROUP, Standard Agreement SUB-GROUP Teleconference
Date and Time
- Date: 10 May 2010
- Time: 6am HST | 9 PDT | 12 EDT | 5pm UK
- Please join my meeting via GoToMeeting
- Join the conference call:
- Skype: +9900827042954214
- US Dial-In: +1-201-793-9022
- UK Dial-In: +44 (0) 8454018081
- Room Code: 2954214
- GoToMeeting ID: 844-771-298
Attendees
- Joe Andrieu
- Iain Henderson
- Mark Lizar
- Eve Mahler
- Juan Avalon (non-voting)
- Judi Clark
- Mike Kirkwood (voting)
Apologies
Agenda
- Attendance
- Prior Action Item Review
- New Business
- Information sharing agreement landscape
- Action Item Review
Minutes
1. Attendance
We noted that 7 people on the call were voting members and that the group did not meet quorum on this call.
2. Prior Action Item Review
Iain will follow up with non-attending members - in progress
Iain will draft exec summary in literature review - working on it, shooting for a deliverable by IIW - in progress, will present session on IIW
Iain will think about IP for standard agreement (pending discussion or letter with Joni) - in progress, also related:
Iain will work on handing off core IP from his previous work to this group; will talk with Joni this week. Joni has been contacted, Joni replied in email. - in progress
Joe will send an invitation to this discussion out to Parties listedin last week's minutes - waiting until we get IP agreement settled.
Mark will forward this invite to the P3 group - waiting until we get IP agreement settled.
Judi will follow up re: Info Sharing Workshop space. Done.
Judi will send a note to group regarding date changes for upcoming meetings (see below). Done.
3. New Business
Judi requested to be moved to non-voting. Will email Joe & Iain, cc staff@kantarainitiative.org, asking me to be placed on non-voting status. For further meetings, she will indicate that she wishes to remain non-voting.
4. Information sharing agreement landscape
Several models exist under different names. Some helpful discussion about who can share with whom for practical, legal terms; no meaning to share with one's self. Focus on why we're doing what we're doing. A consideration when looking at this ecosystem: users vs intermediaries (wrt safeharbors). Juan asked how much of the agreement is ruled by technology vs legal system? Joe: we're dealing with the realm of use cases where there are analog holes (people that have the data, can't wrap protection around it), so info sharing regime is about corrective enforcement not preventative. Some considerations at access level. Iain: we keep an eye on technical options, more focus on legal side. Juan: would it be feasible to include the agreement as a generic, standard part, with check-box (machine interpreted) approach? Joe: yes. Should be parsable on both client and provider side. Also there's a master agreement, and specific parts to each transaction. Eve: fledgling effort with legal people, efforts; she will follow up with links. Joe: data needs to be destroyed, affirmative confirmation; audit trails for data usage. Eve: UMA went with an assumption that "I agree" can bind a vendor as effectively as it currently binds a user. If vendor machine is set up as a tool vs intermediary; leverage as much as possible from technical realm.
Iain referred to a diagram, Types of Information Sharing Agreements:
- Indiv to self (service)
- Indiv to another individual
- Indiv to product/service provider
- Product/service provider to product/service provider
- Indiv to public sector
- Service provider to public sector
- public sector to data aggregator
- public sector to public data set
Juan: undertaking/situation where indiv is giving info to service provider who works with 3rd parties to provide their services, contracts w 3rd parties also need to be bound. Is this joint and several liability? This needs to be spelled out more clearly (e.g., Valero.net, closed contractual community allowed liability to be managed strongly, may apply to, say, the banks in contractual, legal level). Here we're trying to open that up, most companies don't want to liable for 3rd parties. Mark: enforceability is also an issue; how will agreements be enforced. Juan: important to deliniate between tech and legal because legal is messy (my words -judi). Judi: this is the DRM problem.
Joe: companies can't manage individual agreements with each customers, why we need standard agreement with specific choices. Juan will draft a list of legal concerns. Joe: suggests checking with Kantara wiki, working drafts, Beyond Data Ownership . Joe: if a service provider is doing value-added service, they're not in the safeharbor business.
Iain: need to write more detail in each scenario (listed above) so we can see what's going on in each. For example, info sharing between indiv & customer-facing organization. Joe: Three entities: consumer, Safe harbor plumbing company (storing, managing permissions, data could be encrypted), Service provider who consumes and creates value.
Personal RFP: deep dive meeting scheduled for Friday, all invited.
5. Action Items Review
Iain will follow up with non-attending members
Iain will draft exec summary in literature review - will present session on IIW
Iain will think about IP for standard agreement (pending discussion or letter with Joni), and will hand off core IP from his previous work to this group; will talk with Joni this week. Joni has been contacted, Joni replied in email.
Joe will send an invitation to this discussion out to Parties listedin last week's minutes - waiting until we get IP agreement settled.
Mark will forward this invite to the P3 group - waiting until we get IP agreement settled.
Eve will forward a list of links from her discussions with legal people. (done)
Juan will send a few thoughts as draft on legal concerns, international level.
Next Standard Agreement Meeting
24 May 2010
6am Hawaii, 9am Pacific, Midday Eastern, 5pm UK
Skype: +9900827042954214
US Dial-In: +1-201-793-9022
UK Dial-In: +44 (0) 8454018081
Room Code: 2954214
Next Regular Meeting
31 May 2010
6am Hawaii, 9am Pacific, Midday Eastern, 5pm UK
Skype: +9900827042954214
US Dial-In: +1-201-793-9022
UK Dial-In: +44 (0) 8454018081
Room Code: 2954214
NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.