P3WG Charter

(1) WG NAME (and abbreviation):

Privacy and Public Policy Work Group (P3WG)

(2) PURPOSE:
Privacy, and the policy decisions which affect it, are increasingly a core theme of digital identity-related work. This Work Group is intended to ensure that the Kantara Initiative ("Kantara") contributes to better privacy outcomes for users, data custodians and other stakeholders, by defining privacy-related principles and good practice applicable to a broad range of prevalent technology platforms.

(3) SCOPE AND DEFINITION OF WORK:

• Become an active convening authority for privacy and public policy work - including productive engagement with the CPO, policymaker, regulatory and adoption communities.
• Liaise and work with other Kantara groups to represent the privacy and public policy perspective, and to serve as an ongoing point of reference for privacy/policy-related questions. 
• Lead work to define and develop Privacy Management and Privacy Assurance deliverables which complement Kantara's initiatives in Identity Assurance and Identity Governance.
• Liaise and work with projects and organisations outside Kantara to further the same objectives.

(4) DRAFT TECHNICAL SPECIFICATIONS:

• Draft technical specifications are outside the scope of this WG

(5) OTHER DRAFT RECOMMENDATIONS AND PROJECTED COMPLETION DATES:
The WG will publish and maintain a rolling quarterly plan setting out its planned deliverables and stakeholder engagement programme. The plan will include:

White Papers and Framework Documents such as:

• Privacy Guidance Document to bridge the gap between CPO, technical and policymaker communities;
• Privacy Management Framework, as a preparatory step towards
• Privacy Assurance Framework;
• Repository of Summit Reports from face-to-face discussion, advisory meetings, etc.

Stakeholder meetings such as:

• regular advisory event to solicit strategic guidance;
• face-to-face Work Group meetings;
• CPO and policymaker workshops.

(6) LEADERSHIP: Proposed WG Chair and Editor(s), subject to confirmation by a vote of the WG Participants.

• Robin Wilton, Director of Privacy and Public Policy, Liberty Alliance (interim Chair)
• Community of volunteer reviewers plus the assigned editors of specific deliverables, including but not limited to WG Participants. (For instance, non-member subject-matter experts might be invited to contribute all or part of a document).

(7) AUDIENCE:
The P3WG aims to engage constructively with core constituencies in three principal regions of the privacy landscape:

1. Adoption: Corporate Chief Privacy Officers (CPOs), technologists, vendor and standards-setting communities
2. Policy: Policy-makers, policy influencers and regulators
3. Privacy: Privacy advocates, user communities and related stakeholders

The WG will build and maintain a productive dialogue with and between these three communities so as to build a fertile environment for the development and adoption of privacy-related identity solutions.
This comprehensive outreach approach is based on a recognition that the most visible element - "Privacy Enhancing Technologies" (PETs) - can only succeed if they fit into a healthy ecosystem of other privacy-enhancing disciplines -

• Privacy-enhancing culture
• Privacy-enhancing governance (including management and assurance)
• Privacy-enhancing policies, good practice and processes
• Privacy-enhancing implementations

with an over-arching goal of improving privacy outcomes.

(8) DURATION:
This proposal is for a standing WG to address the ongoing requirement for thought leadership in identity, privacy and public policy. The best results are likely to arise from a sustained programme of engagement with key stakeholders such as the policy-maker community. However, a published plan of work, events and tangible deliverables will serve to make sure the group remains productive, accountable and focussed on the goal of improved privacy outcomes.

(9) IPR POLICY:
Kantara Initiative IPR Policies: Option Creative Commons Attribution Share-Alike

(10) RELATED WORK AND LIAISONS:
The following shortlist indicates potential liaisons where some degree of discussion/outreach has already taken place. Many other candidates will doubtless emerge, and some degree of qualification will be needed to ensure that the WG does not spend all its time liaising and none on its own work.The P3WG chair or other suitable volunteer Participant(s) will monitor WG charter proposals from the privacy perspective, and position P3WG itself as a 'privacy advisory resource' available for other WGs.Resources permitting, the P3WG will also actively participate in the requirements definition work of other WGs to promote a consistent approach to privacy and policy-related issues.

Potential Kantara WG liaisons

• User Driven and Volunteered Personal Information Policy WG - liaison sufficient to gauge/inform privacy-related aspects;
• eGovernment WG - Mutual WG participation. Primary liaison point will be the eGov WG chair;
• Identity Assurance and Accreditation WG - Mutual WG participation. Primary liaison point will be the Policy chair of the IAAWG;
• Healthcare Identity Assurance WG - liaison sufficient to gauge/inform privacy-related aspects;
• Academic Interfederation - possibility of convening existing external groups (e.g. REFEDS, TERENA) individually or collectively in Kantara;
• Mydex: Proposal for joint research User Driven Volunteered Personal Information
• Consumer Identity WG - (formerly known as Id-Theft group) liaison sufficient to gauge/inform privacy-related aspects;

External liaisons

• PrimeLife (EU)
• STORK (EU/UK)
• EnCoRe (UK)
• ANSI Privacy TAG, IDSP, ISO SC27/WG5 ...
• OECD WISP
• NSF GENI project

(11) CONTRIBUTIONS: A list of contributions that the proposers anticipate will be made to the WG.

• Use cases (from prior VPI SIG)
• Design documentation for personal data store and VPI sharing (Mydex)
• Reference deployment for personal data store and VPI sharing using ID-WSF, Information Cards, XRI, and OpenID (Mydex)
• Privacy Summit reports from the Liberty Public Policy EG (Liberty Alliance)

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

This is a 'starter' list of individuals and organizations who have expressed a willingness to support the WG's formation and, as a first step, have been invited to review the draft charter. This 'charter group' will also be invited to nominate other candidate participants from the regulatory and policymaker communities. That will be followed by a broader membership drive once the charter has been accepted.

Draft version: P3WG-charter-1.2
Date: 4^th June 2009
Author: Robin Wilton