Meeting notes from July 28, 2014: Difference between revisions
Jump to navigation
Jump to search
m (1 revision imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:02, 28 June 2018
7/287/14 Privacy Requirements Working Group Meeting Notes
Meeting Notes
Risk: Breach of Trust
- Tabled until 8/4/14 - Stuart Shapiro to provide proposed edits.
Risk: Distortion
- Requirement: Prior to transmitting an individual's information to another organization, organizations shall ensure that all data quality obligations have been met.
- Comment: In the case that both organizations belong to a larger consortium/entity that has governing agreements about data quality standards, this requirement may be met by conforming to those requirements.
Risk: Exclusion
- PRWG agreed other subject-matter committees may have requirements to cover this risk.
Risk: Induced Disclosure
- Requirement: Organizations shall clearly indicate to individuals what personal information is mandatory and what information is optional prior to the transaction.
- Comment: In functional requirements, we should discuss how organizations should communicate "mandatory" (e.g. more than a "*"), and "optional" and provide guidance about how to clearly communicate the exchange of information for level of service with users.'
Risk: Insecurity
- Requirement: Organizations shall maximize use of architectural and technical point controls for privacy.
- Comment: More clarity about how to realize this will been defined during the decision tree/functional requirement analysis.
Actions:
- Stuart Shapiro to provide proposed edits to Breach of Trust risk requirement
- Ann Racuya-Robbins to prepare definitional draft for functional requirements work on "Valuation" concept in Appropriation risk requirement.