P3WG Meeting Minutes 2012-03-22
Attendees:
Tom Smedinghof
Bill Braithwaite
Ann Geyer
Jeff Stollman
Peter Capek
Hedi Kirkby
Colin Wallis
Colin Soutar
Anna Slomovic
Aaron Brauer-Rieke
Myisha Frazier-McElveen
Nathan Faut
Apologies:
Joni Brennan
Staff:
Anna Ticktin
MINUTES:
1. Administrative:
- Roll Call
- Motion for minutes approval: 8th March 2012
- Ann Geyer moves to approve the mins as captured. Aaron seconds. With no objection the minutes are approved as captured.
2. PAC
- Update from 15th March ad hoc call on PAC v1.5 - Ann Geyer
- ARB has been determined as the "audience" of the PAC
- The scope is purposely broad to address today's privacy needs as well as a future state/vision by including: [a] additional types of profiles from different jurisdiction (future state and vision) [b] identifying mandatory requirements today (whilst encouraging best practices to move forward).
- PAC work today will focus on the Kantara US Privacy Profile
- Document has been significantly reformed. Inclusive of an introduction, general guidance for assessors and auditors (referencing industry documents), and US Federal ID Mgmt.
- Current draft v1.5 : http://kantarainitiative.org/confluence/display/p3wg/Privacy+Assessment+Criteria+%28PAC%29
- Discussion of proposed directions on PAC v1.5
- Colin S. advises that there seems to be "implicity" in the SACs and "explicity" in the Add'l Privacy Criteria doc
- Jeff asks, how will this PAC document and the overlap or intersection with the IAWG's SACs be mitigated?
- A graphic illustrating the intersection will be necessary in all IAF and PAC docs.
- Jeff inquires whether the PAC will beg definitive "yes/no" compliance with privacy requirements, since best practices could evolve over time.
- Tom agrees that assessor criteria should be specific "black-or-white" in order to have definitive assessments against requirements.
- Colin suggests the PACs will contain both a normative and informative section which will serve to specify minimum standards whilst encouraging a better approach toward what is perceived to be a future state of privacy requirements.
- Final call for written comments on PAC v1.5
- Comments received by 23 March will be included in the updated draft (v1.6) for discussion at the 29th March ad hoc.
Â
3. AOB
- ARB will send a graphic illustrative of the ARB-BoT-Kantara WG and various document relationships.
- The ARB will also forward an introductory paragraph or two to the P3WG for inclusion in the KPAC within the next 45 days.
- Additionally, the board discussed the notion of a Privacy Opinion Letter. The IAWG is drafting its Kantara Assessment Review letter and perhaps this template will serve as an initial outline for the P3.
- Discussion on potential presentations of related activities
- APEC sub-group, in light of the work P3 is conducting around the PAC it was suggested that perhaps the wg should invite outside representatives and entertain small presentations from APEC, ISO and OASIS on their privacy developments and efforts.
- Colin provided an informal update from IDTrust.