P3WG Meeting Minutes 2012-04-05
Attendees:
Tom Smedinghoff
Anna Slomovic
Myisha Frazier
Bill Braithwaite
Susan Landau
Ann Geyer
Colin Wallis
Mark Lizar
Colin Soutar
Staff:
Anna Ticktin
MINUTES:
1. Administrative:
- Roll Call
- Motion for minutes approval: 22 March 2012
- Bill Braithwaite moves to approve. Ann seconds. With no further discussion, the minutes are approved.
2. PAC---discussion con'td
- Officers note that they are drafting a charter document that illustrates the landscape of privacy documents today so that the editors of P3 can reference as issues are confronted.
- KI seems to be calling for 3 types of documents: 1) a privacy requirements document for compliance by CSPs (potentially drafted by IAWG?), 2) PAC document(s) written to reference a particular requirements doc (in this case, FICAM) for auditors or assessors to utilize in their reviews of CSPs (scope contained by the primary doc it references/enforces), 3) privacy guidance doc which lays out non-normative best practices going forward (aspirational document).
Comments:
- Anna---P3 should define "Privacy Requirements" as this is the forum with privacy SMEs.
- Susan---believes that the PAC could be both informative and normative with sections clearly highlighted in the document for assessors. If they remain in separate documents, they could go unread and the PAC could lose it's teeth.
- Colin S.--- elevates the concern about drafting a document that current laws don't regulate.
- Colin W.--- currently, we have requirements and no assessment criteria. That guidance was needed: yesterday!
- Colin S.--- adding jurisdictional requirement could be impractical re: version control.
Consensus:
- Guidance should be delivered by P3 and it should be the authoratative privacy source.
- Tom will revise the proposed general charter document to the group capturing a path and deliverables around the PAC.
- The wg will look to review this doc in 2 weeks.
- On next Thursday's working session, Ann will lead more editorially focussed efforts on the PAC.
3. AOB
- Privacy Presentations (AIPEC, OASIS, ISO) meetings could be scheduled to join once a month or every two months, depending on the needs P3 has around their own work efforts.