P3WG Meeting Minutes 2010-06-03

Kantara Initiative Privacy & Public Policy Teleconference

Date and Time

  • Date: 3 June, 2010
  • Time: 08:00 PDT | 11:00 EDT | 16:00 UTC

Meeting Minute Status

Attendees 

Voting

  1. Jeff Stollman
  2. Robin Wilton
  3. Rich Furr
  4. Mark Lizar
  5. Trent Adams

Non-Voting

  1. Joni Brennan
  2. Aaron Titus
  3. Anna Ticktin

Apologies and Roll Call

This is now a Quorum Call.

Agenda

  1. Roll call
  2. Action Item updates
  • Liaisons relationship with OASIS Privacy Management TC and ETSI (Abbie)
  • OECD in Israel 25-26 October (Abbie)
  • P3wg outreach to corporate CPOs (Robin)
  • Privacy Module (Trent)
  • Privacy Management Framework (Mark)
  • Privacy Risk (Jeff)
  1. Approve minutes from previous meeting
  2. Privacy news updates
  3. Privacy policy rights vs. new technology Terms Of Service (Jeff)
  4. All other business
  5. Update Roll Call
  6. Review Action Items

Minutes

1. Roll Call

Motion to move Bob Pinheiro into Non-Voting status — agreed.

Motion to change titles of Chair, to Co-Chair for Abbie, and Jeff — agreed

Joni Introduce Anna Ticktin, Technical Program Co-Ordinator for IAWG, 

2. Action Item updates
  1. OECD in Israel 25-26 October (Abbie Not On Call to Provide Update)
  2. Mark: Update on Charter Revision, Robin happy to have his name removed but Trent had previously suggested this remain the same, and after suggestions on updating the Charter there.
  3. Robin Update on BIPAC
  4. Re Ballot for including notes into Quarum.  Advise that I put that a note that these minutes to
  5. Re: Calendar - The events from the P3 group has been added to the community calendar 
    1. Follow through on sending an emal to the list on the calendar, and the matrix for event
  6. Discussed removing people from voting memebers, discussed moving Patrick Curry, and Heather West
3. Approve minutes from previous meeting

Motion to approve minutes from previous meeting as Notes from May 27 th approved.

Action: Mark on ballot for previous mintutes to update the note to clearly show there was no quorum

4. Action Item Updates

 Conference Attendance Calendar -

Action: Mark Email to list with a list of events to start tracking stuff on the calendar and for people to add there names to events and more events when they are announced.

Joni: Explained that the events are on the calendar that is accessible off of the home page and a matrix has been put on the P3 wiki for attending conferences.

Joni suggested that we can break a feed out for the P3 specific events and place this on the P3 wiki.

Robin update on the IMSPG Meeting:  The (identity management standards and policy group) brings together various members in the UK government are now re-aligning after electing a new party into governement. So this liason is being put on hold until they re-organi

Trent: Update on the Privacy Module -looking at dove tailing with the Privacy Management Framework update moving towards an identity life cycle approach. Also another person who may be getting involved from a policy perspective.  THere is a target

Mark: update on Privacy Management Framework in that there is not a lot of interest in this as a Charter Item, Mark will go through the mail archives to get the foundation of the discusion in relation to the P3 Charter.  Suggestion is to table the for the Privacy management Framework until people have more time to contribute.

The Privacy Module as perhaps a base ISO document update -

Joni to put forward a participant to track an ISO document for 29115 Authentication Assurance - IAF

Robin is tracking ISO 29190- Identity Assessmenet Model

Robin: Rossetta Stone: Introductary manual on how to discuss privacy and identity with out running into common problems.Robin asks for any comments or suggestions to be sent to him. Thanks Robin!!

Jeff & Robin: Work foci about Privacy Risk Assessmenet - Bringing up 29190 docuemnt - name is changing.  Intended to be a first time audit. Looking at information assets to gage the privacy risk out of the two things. Looking at enterprise goals and information assets to gage privacy risk. 

Jeff: Originally assessing the risk to consumers and Users rather enterprise focused.

Robin agrees this is a different perspective and discusses the use of harm as a measurement of risk. Although Robin doesnt think that harm adequetly covers the issues and gives the data loss in the UK governement. Right now it is a current discussion of what constitutes privacy risk and there is no common view.

Robin suggest that space and time data should be added to the Privacy Risk Assements that includes what is not included in personal data and is not covered by laws.  Consent Anti-Patterns  should also included as may also dovetail.

Robin suggest to move some of these to the bottom of the list or included in other efforts.

Last weeks minutes are approved.

5. All Other Business

Meeting Next Week

6. Review Action Items

ACTION ITEMS

  • ACTION: Mark: Calendar Updated Msg for Liaisons, Meetings, Conferences. Include the Matrix on the P3 page
  • ACTION: Mark: Update ballot to the list ask meeting notes to be passed into minutes
  • ACTION: Mark: Check call numbers to be sure they work

Next Meeting

  • Date: Thursday, 17 June, 2010
  • Time: 8:00 PDT | 11:00 EDT | 15:00 UTC (Time Chart)Dial-in details:
  • US/Canada toll-free number: 1.866.305.1460
  • Direct dial (toll) number: +1.416.620.1296
  • Attendee Code: 9247530
  • International toll-free numbers:
    o UK: 0800 917 5847
    o Netherlands: 08002659007
    o Belgium: 080079491
    o Japan: 00531160345
       These toll-free numbers are generously provided by BIPAC.