Omaerz: 1 revision imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:02:17Z

1 revision imported: Initial Upload of old pages from IDESG Wiki

New page

'''[[Privacy Requirements]] Working Group Meeting notes from June 16, 2014'''

Requirement: "Organizations shall provide concise, meaningful, timely, and easy-to-understand notice to end-users on how they collect, use, disseminate, and maintain personal information...."
* What is "superfluous leakage"? Who does it leak to?
* Are there good leakages?
* Is anything that is not in the EULA include superfluous leakage?
* Should service agreements dictate the boundries of information collection? What if the agreement is too broad?
* Can this be a positive?
* Privacy-enhancing technology is how, not what. too much influence on implementation.

Requirement: "Organizations shall only transmit minimally-necessary information."
* What are IDP's going to say there?
* Much of data minimization covered by requirement 2.

Requirement: "Organizations shall provide appropriate mechanisms to allow individuals to access, correct, and delete personal information."
* Are there situations in which the ability to remove information is undesirable?
* What if it disrupts functionality of the service?
* What does "appropriate" cover?
* Would this requirement, as worded, help individuals point organizations toward new information they may not already hold? Does mechanism hold that?
* Does "appropriate" cover the size/scope of an organization? Do we need to cover that in functional requirements.
* Can this requirement be a good place to provide a decision tree to determine what appropriate is?

Meeting notes from June 16, 2014 - Revision history

Omaerz: 1 revision imported: Initial Upload of old pages from IDESG Wiki