Kantara Initiative Privacy & Public Policy Teleconference

Date and Time

Date: Thursday, 06 May, 2010
Time: 08:00 PDT | 11:00 EDT | 16:00 UTC

Meeting Minute Status

This call was not quorate and these meeting notes have not yet been approved.

Attendees

Robin Wilton
Jeff Stollman
Brett McDowell
Mark Lizar
Joni Brennan
Colin Suter

Apologies

Trent Adams
Abbie Babir

Agenda

Minutes

1. Roll Call

2. Action Item updates

Robin: Reporting back on sending a letter to Darrel Schull (through his affiliation with BIPAC) communicates regularly with CPOs. No response from Darrel.
- Privacy Module Update: This will be developed as a Whitepaper, should go out from P3, which can be used to engage with the Identity Assurance WG. Looking to see how this will develop as a detailed privacy module or a add on to IA. Goal is to have this done by May 20th and to find its direction. Trent is now working on the document.

No Update from Abbie: On OECD funding (no one on the call can go with out funding)

Jeff asked if anyone is going to join the Paris KI meeting?
- Brett will go if there is a Quorum with IA
- Robin will be there

3. Approve minutes from previous meeting

No Quorum

Approve minutes from previous meeting
a.       Minutes from 28 JAN
b.      Minutes from 04 FEB
c.       Minutes from 18 FEB
d.      Minutes from 25 FEB
e.       Minutes from 25 MAR
f.        Minutes from 01 APR
g.       Minutes from 08 APR
h.       Minutes from 15 APR
i.         Minutes from 22 APR
j.        Minutes from 06 May

4. Subgroup Reports

Workstream Foci

Mark had some ideas on scaling down the workstream foci and will send these to the list. Looking at looking at the drivers.
Jeff Going through Workstream Foci Items:
- Privacy Management Framework
  - Mark wil send email to the people/list interested and email to the WG and Jeff recommends a doodle poll to collate interest
- Rosetta Stone
  - Robin in charge of this, evolution of a paper that he has already written, he will take this on and contribute this within the next two weeks. May 20th
    - Practical guidance about how to translate policy makers, technologists and privacy folks.
    - Brett- Thinks it should be voted on by a group, at least as a report, even as a full industry recommendation
- Privacy Risk Assessment
  - Brett: Create a risk register of privacy issues, probability and imapct and try to look at from an assessment perspective
    - Consildate this objective with Robins main deliverable.
  - Privacy Capability Assessment Model/Framework - define a set of criteria
    - These two things converging the model and criterai to build an assessment criteria program
      - Risk assessment why you are doing
      - Capability model ?
- Standard Privacy Policy
  - Aaron is open for this but is not on all the call
  - Standard policies to different industries with different requirements
  - Robin: One size fits all privacy policy is a difficult tasks, would be good to get more infomration
  - Mark suggest that Iain may be interested in this as a part of a Standard Agreement Effort from the Information Sharing Working Group
- Enhancing Certificate
  - Robin: what kind of architecture to build an IDP to vaildate an assertion of identity, but also what to bind that with an assertion from a persons employer
    - Looking at participant from norweigen gov to put some energy in. This is pending
- Consent and Anti-Patterns (Edgar Whitely)
  - Consent and notice are badly implemented, and to make some examples of these bad ways, to help define better ways
- Identifiers in Public Sector E-Government
  - Closely related to certificate semantics. - Enahancin Certificates - These can be joined.
- Collaborations with IAWG
  - Privacy module is linked to this
- Space Time Data and Identity Position Paper (LIST)
  - Joe Andreu
    - No energy so it can be relegated to the wiki list
    - About privacy impact of data that is not covered by law as PII - like location data or other bits of data.
- Managing Liason with SC27 and other standards bodies
  - Abbie and Robin
    - Abbies is managing this liason
- Proactive Privacy Scan on KI Groups (LIST)
  - No Leaders so this can be relegaged
- Government Assurance Levels Whitepaper (potential List)
  - Robin: Overtaken by events
  - Brett suggests that Colin May be driving this
- Observatory on Identity Policy Initiatives
  - Brett brings up ISO document that on jurisdictional profiles
  - Profiling IAF by jurisdiction
  - Informational document

5. All Other Business

Brett asks to be more aggressive to trimming quorum.

6. Review Action Items

ACTION ITEMS

ACTION: Mark to send Charter Revision to the list and to follow up on the Privacy Management Module
ACTION:Robin and Jeff to have a sidebar conversation
ACTION: Robin -- Privacy Module & Rossetta Stone for May 20th
ACTION: Mark to touch base with Iain Henderson on Standard Agreement as A part of the Standard Privacy Policy
ACTION: Robin to contact Jan Shallenback to update on ISO document

Next Meeting

Date: Thursday, 20 May, 2010
Time: 8:00 PDT | 11:00 EDT | 15:00 UTC (Time Chart)Dial-in details:
US/Canada toll-free number: 1.866.305.1460 begin_of_the_skype_highlighting 1.866.305.1460 end_of_the_skype_highlighting begin_of_the_skype_highlighting 1.866.305.1460 end_of_the_skype_highlighting
Direct dial (toll) number: +1.416.620.1296
Attendee Code: 9247530
International toll-free numbers:
o UK: 0800 917 5847
o Netherlands: 08002659007
o Belgium: 080079491
o Japan: 00531160345
These toll-free numbers are generously provided by BIPAC.

Browser not supported