Agenda

1. Roll Call

Mark Lizar
Anna Slomovic
Colin Wallis

Staff

Anna Ticktin

2. Updates

-

Started the meeting discussing Federation Specific Use cases for Privacy Assessment Criteria

For Security Services (police,) they have internal process and no need for a PAC between federated security forces

F2F - Joint Session on PAC

1. P3WG needs to finalize the PAC document by compiling, discussing and adjudicating the comments that have been collected on the draft.

2. P3WG will submit the document for comment to IAWG with particular emphasis on areas of possible overlap, such as requirements for notice/service description and definitions.

3. IAWG will provide raw comments to P3WG and the two groups, jointly, can determine what the overlapping items should contain and where they should go. E.g., if the privacy notice will be included in the mandatory service description within the IAF, then P3 can provide the required privacy elements of that service description, such as a listing of all data that will be collected and/or verified by the CSP.

4. The PAC can then go for broader discussion with the relevant communities.

Additionally, before step 1 above can be completed, P3 needs to raise a strategic issues up to Kantara leadership about whether PAC should go beyond FICAM requirements. For example, FICAM discusses only data disclosure to federal applications. If a CSP is to be “Kantara certified” for privacy, should there be other requirements, such as additional notices to the data subject, internal privacy policies and training requirements (in addition to the internal security requirements currently in the IAF), etc.?

Anna S, Report -->
Need to summarize the mechanisms to sort through the comments and have a finalized version of the documents we have.
- We need a starting document to present to the list
For instance. P3 will determine the types of notices and what a PAC should cover and what IAWG should cover
- IAWG on the hand Requires A Description of Service
- we need to clarify these points.
P3 needs to examine the Notice process
- Need to decide if it is one notice or multiple notices
- competing notices
Jeff S - Raised need at the F2F to Create a list of questions for FICAM
Questions to FICAM Requirements -
- Realtime Consent,
- Realtime Notice
- No-Ability in realtime to sort What attributes are given and what attributes are not.
Anna T - captured milestones and inputs for the PAC effort and this is now available on the wiki P3-PAC Roadmap

3.PAC Milestones

Actions: Create an Update and Summary on the PAC for the SG list - WIki Page, Electronic Copies of the Document, Feedback F2F - RoadMap - Status Report
- Purpose
- Know Questions

---. List of questions and challenges,

Anna T - will circle with Joni

4. Collin Report on

29190 Proposed Working Draft 3 of the Privacy Assessment Capability Framework. -- was received by ISO SC 27.

UK National Body - ALan Shipman - Group 5 Training. - Has agreed to take on editing on behalf of the UK national body. He will formalise drafts into a working draft 3.
P3 will be able to comment on these drafts
P3 Have direct relationship with ISO SC 27 --> SC 27 wants to know why ? (administrative overhead)

5. P3- Nominations

Hold Nominations over the month of November -
Close Nominations by the 30th of November 5pm and
Hold elections on the call or hold elections over the next week on the list (if no quorum).

Next meeting

Action: get in touch with Dan C. to reschedule a presentation from HIAWG.

Browser not supported