Omaerz: 1 revision imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:02:17Z

1 revision imported: Initial Upload of old pages from IDESG Wiki

New page

'''7/7/14 [[Privacy Requirements]] Working Group Meeting Notes'''

== Agenda ==
* 4:00-4:05 - Call begins, call for notetaker
* 4:05-4:20 - Review Requirement: "Organizations shall be accountable for how information is actually used and provide mechanisms for compliance, audit, and verification."
** Is "data" and "misuse" too limiting of a scope for redress? It could, for example, include asking for too much data.
** Redress should be available to correct a wider range of concerns about the relationship between individuals and organizations
* 4:20-4:35 - Review Requirement: "Where individuals make choices regarding the use of their data (such as to restrict particular uses), those choices shall be automatically applied to all parties with whom that individual interacts."
* 4:35-4:50 - Review Requirement: "Organizations shall utilize identity solutions that enable a variety of transactions, including anonymous, anonymous with validated attributes, pseudonymous, and uniquely identified."
* 4:50-5:00 - Wrap-up

== Meeting Notes ==
* Requirement: "Organizations shall be accountable for how information is actually used and provide mechanisms for compliance, audit, and verification."
** Edit: "Organizations shall be accountable for conformance to these requirements, and provide mechanisms for auditing, validation, and verification."
** Will need to provide definitions for the auditing, validation, and verification.
* Requirement: "Organizations shall provide effective redress mechanisms for, and advocacy on behalf of, individuals who believe their data may have been misused."
** Edit: "Organizations shall provide effective redress mechanisms for, and advocacy on behalf of, individuals who believe their rights under these requriements have been violated."
** See Requirement 6 comments.
** Is "data" and "misuse" too limiting of a scope for redress? It could, for example, include asking for too much data.
** Redress should be available to correct a wider range of concerns about the relationship between individuals and organizations"
* Requirement: "Where individuals make choices regarding the use of their data (such as to restrict particular uses), those choices shall be automatically applied to all parties with whom that individual interacts."
** Edit: "Where individuals make choices regarding the treatment of their information (such as to restrict particular uses), those choices shall be automatically applied to all parties downstream from the initial transaction."
** There will need to be recognition in the functional requirements for different choices across contexts.
*Requirement: "Organizations shall utilize identity solutions that enable a variety of transactions, including anonymous, anonymous with validated attributes, pseudonymous, and uniquely identified."
** Edit: "Organizations shall, where feasible, utilize identity solutions that enable transactions that are anonymous, anonymous with validated attributes, pseudonymous, and/or uniquely identified."
** "Feasible" will need to be defined, including a method for justifying why organizations chose not to include this functionality (beyond just basic cost-benefit analysis).
**Decision tree can be used to illustrate these justifications."

* Actions:
** Stuart Shapiro to provide additional Derived Requirements
** Sean Brooks to develop comment format for Functional Requirements

== Attendees ==
* Sean Brooks
* Sarah Branam
* Jim Zok
* Jim Fenton
* Stuart Shapiro
* Edmund Jay
* Jeff Brennan
* Jennifer Behrens
* David Bruggeman
* Michael Garcia

Meeting notes from July 7, 2014 - Revision history

Omaerz: 1 revision imported: Initial Upload of old pages from IDESG Wiki