P3WG Meeting Minutes 2012-04-19
Attendees:
Voting (9 of 9):
Anna Slomovic
Myisha Frazier
Bill Braithwaite
Susan Landau
Ann Geyer
Mark Lizar
Colin Soutar
Peter Capek
Aaron Brauer-Rieke
Non-Voting:
Tom Smedinghoff
Nathan Faut
MINUTES:
1. Administrative:
- Roll Call
- Motion for approval of 5 April 2012 minutes.
- Anna Slomovic moves to approve. Peter Capek seconds. With no further discussion, the minutes are approved.
- Approval of Agenda – with addition of a discussion of listserve comments on ARB text for PAC to be addressed in AOB.
2. Privacy Assessment Criteria
*a. Review and discussion of draft P3WG Privacy Work Charter (http://kantarainitiative.org/confluence/display/p3wg/PAC+Work+Charter)*
- It was highlighted that this document, drafted by Tom with input from Colin and Ann, is intended to reflect the document charter of the P3WG, in support of the original P3 Working Group charter.
- Tom provided an overview of the proposed Work Charter. The Privacy Assessment Criteria document is obviously focused on the FICAM Privacy Requirements at this time.
- There was discussion regarding the Privacy Guidance Document(s) and whether it should be re-titled/positioned as “Best Practices”, including “forward-looking” topics and “high-level” background. It was pointed out that the word “guidance” may be somewhat ambiguous.
- There was further discussion regarding such best practices, and that they could be “proactive” in light of emerging trends as opposed to “reactive” to regulatory investigations.
- There was general agreement that the document reflected the intended Work Charter of the group, but there were some areas of the document that could be refined, so specific comments should be solicited.
ACTION
Call for comments on the draft P3WG Privacy Work Charter (http://kantarainitiative.org/confluence/display/p3wg/PAC+Work+Charter) – closes end of day 1 May 2012.
- Specific Areas that were discussed and may be the subject of comments:
- Re-naming of the Privacy Guidance Document.
- How detailed should the Privacy Assessment Criteria be?
- The goal will be to consider a Motion for Approval of the P3WG Privacy Work Charter on the 3 May 2012 call.
*b. Update from PAC working session*
- Ann Geyer reviewed the progress from the 12 April 2012 PAC working session.
- As agreed at the 5 April 2012 P3WG meeting, each of the criteria from the FICAM profile will be discussed individually and proposed text will be added to the PAC document. Once each criterion has been discussed in this way, the overall set will be issued for review and comments. The criteria will be considered in light of the three auditor actions: Observe, Inquire, Inspect.
- The group discussed Informed Consent as the first criterion, considering the credential lifecycle from registration to issuance to usage, and discussed the forms of evidence that could be expected to be provided to auditors.
- It was noted that there are some discrepancies between the criteria discussed in the FICAM Guidance document (http://www.idmanagement.gov/documents/Guidance_for_Assessors.pdf) and the FICAM requirements document (http://kantarainitiative.org/confluence/download/attachments/45057040/Kantara+Initiative_IAWG_US+FPC+Report_v2.0.pdf). It was suggested that the P3WG should note these discrepancies (probably in the P3WG Privacy Guidance/Best Practices Document, as opposed to the FICAM Privacy Assessment Criteria Document) and ensure that both the ARB and the FICAM sub-committee are aware of them.
3. AOB
- There was a brief discussion about the listserve discussion regarding the ARB background text for inclusion in the PAC document. It was suggested that such discussion will be clarified by the maturation of the P3WG Privacy Work Charter document.
Reference Material:
- The following reference was discussed for review:
- “Privacy on the Books and on the Ground”
- Kenneth A. Bamberger and Deirdre K. Mulligan