P3WG Meeting Notes 2012-12-13

P3WG Plenary Meeting 13 December 2012

Date and Time

  • Date: Thursday, 13 December 2012
  • Time: 08:00 PT | 11:00 ET | 15:00 UTC (time chart)
  • Dial in info: Skype: +99051000000481 North American Dial-In: +1-805-309-2350 Conference ID: 402-2737

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Review minutes: P3WG Meeting Minutes 2012-10-04, P3WG Meeting Minutes 2012-10-18
    4. Call schedule (winter holidays)
  2. Privacy Assessment Criteria - update
  3. AOB
  4. Adjourn

Attendees

  • Bill Braithwaite
  • Colin Soutar
  • Myisha Frazier-McElveen

Quorum is 4 of 6

Staff

  • Heather Flanagan (scribe)

Non-Voting

  • Peter Capek
  • Andrew Hughes
  • Nathan Faut

Apologies:

Minutes & Notes

Administration

Motion for minutes -

  • Call not at quorum - minutes not approved

Next call will be cancelled (Dec 27); We will meet the on the normal call schedule again starting 10 January 2013

Discussion

Privacy Assessment Criteria
Peter Capek has graciously offered to take the PAC document to the next stage, by incorporating and expanding upon the notes collected to date into a document that can be commented upon by the general group.  We are still soliciting an editor for this document in the longer term – Peter has indicated that he would step aside beyond this next stage if there is someone with a strong interest to take on the editor role.

  • started by trying to bring in to consistency - doc has obviously been edited by a number of people
  • we have a base doc, a bunch of statements about what various participants must do, and not very much about criteria; thought it would be useful to have discussion on how group sees the ultimate doc ending up; if this is tied to FICAM it should make more reference to that doc rather than repeating it; guidance to what an auditor must do is more in the comments than in the doc itself
  • (Colin) we have gone through several iterations on this doc, and the first iteration targeted this at auditors assessing against FICAM - is everyone still in agreement on that point? Yes.  In terms of the auditor requirements for assessment criteria, Observe, Inquire, and Inspect are the parameters under which criteria may be evaluated. 
    • (Peter) how would you see that as being implemented, such as with "informed consent" - we have a list of things which might be done, and we could say that the auditor will confirm that they will be done, but does the auditor really need us to spell that out after we've already created the list?
    • (Colin) statements about what the service will do, the auditor will be expected to observe if possible, or inquiry if not; perhaps we should put down what we think the auditors should be doing and then send it out for comments, at which point he auditors will come back with points on what can actually be reasonably achieved
    • (Myisha & Bill) providing clear direction to auditors is the right plan
  • (Pete) to what extent would you expect auditors to read the FICAM doc in its entirety?  Do we want this to be self-contained?
    • (Colin) it should be self-contained, but we can assume we are talking to someone skilled in auditing and familiar with FICAM; the intended audience is auditors who are accredited under the Kantara Trust Framework program under FICAM (so they should have the appropriate background knowledge of FICAM)
    • (Myisha) perhaps we should consider that some of the readers of this doc will be people considering to become KI Certified Assessors? (Colin) they should be doing their own homework
  • Pete will pull together the edits, with comments in an addendum so core doc is as tight as possible
  • (Myisha) with IAWG hat on, the IAWG has agreed to support in whatever way possible; at what point should there be a formal cross-review with the IAWG?
    • (Colin) if over the next month we can pull the doc together for P3WG discussion, after the P3WG has gone through it, then it can go to the IAWG (towards the end of February)

AOB

 

Next call

  • Date: January 10, 2013
  • Time: 08:00 PT | 11:00 ET | 15:00 UTC (time chart)
  • Dial in info: Skype: +99051000000481 North American Dial-In: +1-805-309-2350 Conference ID: 402-2737