P3-PFSG Meeting Notes 2011-04-14

Attendees:

Anna Slomovic
Trent Adams
Mark Lizar
Tom Smedinghoff

Apologies:
Gershon Janssen
Joni Brennan

Staff:
Anna Ticktin

1. ADMINISTRATIVE

  •  Roll Call

 
2. PRIVACY FRAMEWORK DISCUSSION
 
Principles summaries and analysis to date:

  • Once the list of principles have been completed, Anna would like the group to begin to  make a substantive review begging such questions as, "Do we have the right set of principles? Should Openness be combined with Notice?
  • Based on the research submitted, these seem to have too much overlap to be separate.
  • "Should Purpose Specification be a separate principle since it touches several others and involves both external communication (via Notice) and internal practices (Data Quality and Use Limitation are the obvious ones)?
  • Previously, we agreed to put it into Notice, but that misses several other elements.
  • How are Enforcement and Accountability different? Do we include Redress in Accountability?
  • Anna recommended to Scott David that he do that with the OIX FIPPs comparison tool because Redress seems to be a way to operationalize Accountability to the consumer.
  • APEC uses “Prevention of Harm” to the individual as a basis for privacy risk analysis and controls.
  • Several privacy frameworks discuss “prevention of harm” in a different context---when information should be disclosed by the data holder in order to prevent harm to another individual or comply with the law.
  • OIX FIPPs comparison tool puts this type of disclosure into category Public Interest Exceptions. Do we need such a category in our framework? If so, how do we define and circumscribe it?
  • In many cases principles interact with other principles. Please check the interaction section of the spreadsheet to see whether we are missing any important interactions.
  • The section on Controls is essential because this is what will translate into Service Assessment Criteria that can be observed, measured, etc.

Roadmap and the next phase of the PF work:

  • Mark will work with Dervla on a potential blog post or tweet to get the message out about the goings-on in P3 with regards to Privacy Framework.
  • The goal is one of out reach and solicitation for increased participation and contribution on P3-PFSG discovery effort.

 
3. AOB

P3's Scope for TFW effort:

  • The Privacy Framework will be a section slotted into the overall Trust Framework
  • The Privacy Framework will be a fundamental set of  privacy rules for the individual
  • It should be an overarching policy around data collection, usage and rules of data exchange. The focus is on the the "how", not the "what".
  • It should offer broader privacy guidance whilst, yielding to legal requirements / privacy laws at lower levels in various jurisdictions.
  • ACTION ITEM 20110414-01 Anna Slomovic will draft language around a scope of the proposed PF efforts for socialization to the TFW MM WG and Kantara Blog.

Adjourned