P3WG Plenary Meeting 04 October 2012

Date and Time

Date: Thursday, 4 October 2012
Time: 08:00 PT | 11:00 ET | 15:00 UTC (time chart)
Dial in info:
Skype: +99051000000481 North American Dial-In: +1-805-309-2350
Conference ID: 402-2737

Agenda

Administration:

Roll Call
Agenda Confirmation
Minutes for approval

P3WG Meeting Minutes 2012-09-06

2. Privacy Assessment Criteria

3. AOB

Face to face meeting in Washington, DC

4. Adjourn

Attendees

Voting

Bill Braithwaite
Mark Lizar
Anna Slomovic
Colin Soutar

Quorum was attained with 4 of 7 voting members present.

Non-Voting

Peter Capek
Gershon Jannsen
Jeff Stollman
Colin Wallis

Minutes & Notes

Administration

Motion for minutes -

Motion to approve by Anna; Bill seconds; no discussion, minutes approved by unanimous consent

Discussion

2. Privacy Assessment Criteria

Termination clause.

Jeff – how can this be enforced?

Suggested language from the group:

"As part of the accreditation process, the CSP must demonstrate that it has sufficient means and process, e.g escrow, to support the protection of PII in the event that it ceases to provide CSP services, until the PII preservation is no longer required by law."

In the event that the Subject decides to terminate use of the Service:

"As part the accreditation process, the CSP must demonstrate that, in the event that the Subject terminates use of the CSP Service and requests destruction of their PII, that the CSP will do so, unless otherwise precluded from doing so by law."

There was a discussion regarding the Clear trusted traveler program and how the PII were "escrowed" in that case by the US government. No further details were available on the call, but it appeared that it would be interesting to understand more about this process.

It was stated that Tom would likely have some good input on the proposed text above.

Changes in the Service

Suggested language from the group

"At the time of accreditation, the CSP must provide to the accreditor the process that it would use to notify Changes of Services, along with an example. The notification should include the following: indication that the changes should be clearly highlighted; and the Subject is given the option to continue participation or to terminate, in which case the Subject’s PII are deleted."

Transfer of ownership was also discussed, as a specific Change in Service.

Does accreditation automatically flow with an acquired organization - or does it need to be re-accredited.

It was proposed that in order to maintain the accreditation – notice must be provided by the CSP to Kantara, who may then chose to have all or parts of the Service re-accredited.

Action

Colin to seek clarification from the ARB, copying IAWG.

3. AOB

Face to face meeting in Washington DC

In addition to the items that were included in the August face to face agenda, the group considered that it would be useful to provide a Powerpoint overview of the progress to date on the PAC.

4. Adjourn

Call closed @ 12:06 EDT

Browser not supported