P3-PFSG Meeting Notes 2011-02-24

Attendees:

Anna Slomovic
Mark Lizar
Gershon Janssen
Tom Smedinghoff
Trent Adams
Colin Wallis
John Bradley
Rainer Hoerbe
Peter Capek
Dale Olds
Christine Runnegar

Staff:
Joni Brennan
Anna Ticktin

MEETING NOTES:

1. ADMINISTRATIVE

2. PRIVACY FRAMEWORK DISCUSSION
Discovery results
    

  • Frameworks available for analysis have been posted on the wiki here.
  • Anna suggests starting with "common principles" to find commonality since privacy is very different across jurisdiction. By starting with what people have already agree on, the group could then move on to proposing a solve to what has not been resolved by the community. John adds that at some point we need to identify what we aim to achieve in producing 1 or more privacy frameworks.

Discussion:

  • What problems are presented when a TFW that is privacy protected attempts to cross-credential with a TFW that is not? Clearly there are conflicting notions of privacy in a TFW, thus multiple applications of a TFW must be defined. Cost vs. Privacy is an unavoidable trade off.

The next phase of the work---Analysis of principles:

Division of work:

  • PFSG members are asked to sign up for 1 principle and leverage it across different frameworks , asking: what it is and how it's used, catalog what the suggested high-level controls are from the TFW [the "thing" you are going to be measured on for the audit] to determine whether it's actionable. Reports should be made available by the next  PFSG call on 17 March.

Needs: (this work will be collated upon completion):

  • principle
  • description and variations
  • where it appears
  • what controls are associated with it
  • how useful is this principle operationally

Volunteers:        

  • Mark — notice, purpose specification, consent
  • Colin ---proportionality
  • Anna — equality
  • Peter — use limitation

        
Remaining principles to be researched:

  • collection limitations
  • disclosure
  • access and correction
  • safeguards
  • enforcement
  • accountability    
  • openness
  • prevention of harm

Analysis of definitions:

  • Creating the Privacy Framework and Privacy Profiles
  • Timing and planning of the next phase

 
3. AOB

Adjourned