P3WG Meeting Notes 2011-08-11
Attendees:
Anna Slomovic
Colin Soutar
Hedy Kirkby
Colin Wallis
Tom Smedinghoff
Peter Capek
Bill Braithwaite
Apologies:
None
Staff:
Dervla O'Reilly
Minutes:
1. Roll Call - (Quorum Not Reached)
2. Privacy Assessment Criteria---status update
Anna S spoke with Joni and Bob. Go with first draft with $7,500 as planned. Interest in putting in additional money, we will complete the first draft. The first draft should be ready in the next few days (prior to when Joni is out of the office).
3. NIST
Anna added language for Appendix J and the FICAM profile. We should comment on support of the privacy controls to Appendix J. Mark is going to put together an Appendix. Hedy is now unable to provide input. Focus on interoperability in the US and specific jurisdictions. Is there a more general commentary approach we can take and float through jurisdictions, then find a commonality?
ACTION 20110811-01 Colin Soutar will prepare a draft document and send to the group.
4. Attribute Management DG:
- The Draft Charter was sent Aug. 10, the DG will deal with Attribute Management noting there is a privacy component (data collection, redress & consent management). Looking to find out what groups are working on attributes, find any gaps.
- A bullet in the Charter regarding consent management should be updated to reflect "Privacy (Notice, Choice and Control, Correction/Redress)"
5. Google Real Names policy
Is Google LOA 1? Do people agree to the terms of service? No major discussion on this topic.
6. ISO Review Documents
A new set of review documents has been posted to the BoT Liaison Sub-Committee (LSC) space http://kantara.atlassian.net/wiki/display/lsc/Home. This review is due on Sept 10, 2011 and last comments are requested from Kantara Members by Sept 5.
Apply ISO 15504 to the S. African work. ISO 15504 is very close to the maturity model. Colin Wallis has prepared some comments. Perhaps we could frame a contribution along those lines, using that as a model to move the work along a little. When Colin Wallis has more details, he will post to the BoT Liaison Committee page (http://kantara.atlassian.net/wiki/display/lsc/Home).
Question from Colin Soutar regarding the relevance of ISO 29190 Privacy Capability Maturity Model to a contemplated response to NIST 800-53-J. If we are going to talk about international aspects or potential synergies with NIST 800-53-J, should we not also invoke the appropriate references to ISO, OASIS, ITU-T, etc.?
7. Actions:
ACTION 20110811-01 Colin Soutar will prepare a draft document and send to the group.