Omaerz: 1 revision imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:02:17Z

1 revision imported: Initial Upload of old pages from IDESG Wiki

New page

'''7/287/14 [[Privacy Requirements]] Working Group Meeting Notes'''

== Meeting Notes ==

Risk: Breach of Trust
* Tabled until 8/4/14 - Stuart Shapiro to provide proposed edits.
Risk: Distortion
* Requirement: Prior to transmitting an individual's information to another organization, organizations shall ensure that all data quality obligations have been met.
** Comment: In the case that both organizations belong to a larger consortium/entity that has governing agreements about data quality standards, this requirement may be met by conforming to those requirements.
Risk: Exclusion
* PRWG agreed other subject-matter committees may have requirements to cover this risk.
Risk: Induced Disclosure
* Requirement: Organizations shall clearly indicate to individuals what personal information is mandatory and what information is optional prior to the transaction.
** Comment: In functional requirements, we should discuss how organizations should communicate "mandatory" (e.g. more than a "*"), and "optional" and provide guidance about how to clearly communicate the exchange of information for level of service with users.'
Risk: Insecurity
* Requirement: Organizations shall maximize use of architectural and technical point controls for privacy.
** Comment: More clarity about how to realize this will been defined during the decision tree/functional requirement analysis.

Actions:
* Stuart Shapiro to provide proposed edits to Breach of Trust risk requirement
* Ann Racuya-Robbins to prepare definitional draft for functional requirements work on "Valuation" concept in Appropriation risk requirement.

Meeting notes from July 28, 2014 - Revision history

Omaerz: 1 revision imported: Initial Upload of old pages from IDESG Wiki