P3WG Meeting Minutes 2012-02-23
Attendees:
Ann Geyer
Anna Slomovic
Colin Soutar
Hedy Kirkby
Tom Smedinghoff
Susan Landau
Myisha Frazier-McElveen
Peter Capek
Jeff Stollman
Rich Furr
Colin Wallis
Apologies:
Mark Lizar
Aaron Brauer-Rieke
Staff:
Anna Ticktin
Joni Brennan
MINUTES:
1. Administrative:
- Ann Geyer and Myisha wish to change their voting status to "voting".
- Roll Call
- Motion for minutes approval: 09 Feb 2012
- Ann moves to approve the minutes as recorded. Peter seconds. With no opposition, the motion carries.
- Open call for P3 Secretary nominations.
- None volunteered on the call. But the call remains open on the list.
Action item review:
- Review of ad hoc meeting with Bob Gelman on Privacy Assessment Criteria
- Review of potential NSTIC proposal - Overcome By Events - see Kantara staff note
2. Privacy Assessment Criteria
http://kantarainitiative.org/confluence/display/p3wg/Privacy+Assessment+Criteria+%28PAC%29
Review of proposed framework (draft doc circulated on the list via the agenda)
- Colin's suggested framework: Assessment criteria inserted as normative targeting specific jurisdiction
- Myisha and Tom confirm that relying parties should be part of the PAC.
- Tom suggests the document could be framed to be (1) General rules for privacy assessment and then (2) a secondary approach with specific requirements dictated by relevant jurisdictions, or Kantara-specified, and (3) Federal Gov't requirements.
- Susan highlights that requirements change and the group/document needs to consider how to flex with evolving criteria.
- Colin offers that, with document maintenance as part of the PAC process, the doc could be updated as a matter of process requisite in the standards creation arena.
Questions:
- Is there a need to further address the FICAM requirements or is the IAWG's document (Add'l Requirements for CSPs: US FPC) sufficient?
- Does Kantara want to have some set of normative requirements tethered to its framework? As it stands, the IAWG's profile is only linked to the US Federal Gov't.
- The tone and intention of the P3's charter / scope was to consider a privacy framework supportive of the US Federal Government and beyond... Joni confirms this is the correct home for these types of questions, considerations and work.
- The group identifies the ARB as the primary audience of the PAC.
- The group thinks it will be key to clarify requirements vs assessment criteria.
- Tom suggests instead of assessing against normative requirements, there could be an approach toward more "neutral assessments". Anna cautions that this could create a "race to the bottom".
- Susan summarizes that the group must determine to what bar the group wishes to draft this privacy guidance---minimal Federal requirements? Or top level privacy requirements respected as standard-setting within the community.
- Joni suggests that the step-up approach could be most viable: start broad and then refine with more normative criteria. Additionally, she feels the US Federal Government would welcome the work and it might be most productive to come to them with our formulated recommendations.
- The P3 could build its privacy requirements based on its projection of where the law is going.
- ACTION ITEM 20120223-01 Colin will take a stab at a second round of refining the framework of the PAC reflective of the discussion today.
3. Review of IAWG Report Additional Requirements for CSPs: US Federal Privacy Criteria (doc circulated on the agenda via the list).
- How does the work of the P3 harmonize with IAWG's efforts, when the dialogue and each other's work has been done on separate, but parallel tracks?
- The IAWG offers that in the absence of any privacy guidance for assessment, the ARB utilized IAWG's expediently drafted privacy profile to fulfill the FICAM requirements.
4. Munich F2F
- It seems the P3 would be open to have a joint session with the IAWG.
5. AOB