Meeting notes from June 9, 2014

From IDESG Wiki

Notes from June 9, 2014 Privacy Requirements Working Group Meeting

Meeting Notes

Derived Requirement: "Organizations shall provide concise, meaningful, timely, and easy-to-understand notice to end-users on how they collect, use, disseminate, and maintain personal information."

  • Notice: Creating privacy policies is very difficult to do appropriately without them turning into legalese.
  • Transparency is not the same as Notice
  • Notice may be a loaded term - not necessarily a privacy policy

Derived Requirement: "Organizations shall minimize data aggregation and linkages across transactions. Organizations shall use privacy-enhancing technology that: minimizes the transmission of unnecessary information; eliminates the superfluous “leakage” of information that can be invisibly collected by third parties; minimizes the ability to link credential use among multiple service providers."

  • Requirement 5 is too compacted and should be broken out into subtopics. Will discuss in the next meeting - proposed subtopics are included in the updated comment tracker.

New version of requirements comment tracker uploaded here.

Attendees

  • Matt Thompson
  • Sean Brooks
  • Edmund Jay
  • Stuart Shapiro
  • M.A. Signorino
  • Ann Racuya-Robbins
  • Sarah Branam
  • Jim Zok
  • David Bruggeman
  • Jennifer Behrens
  • Amanda Stallings
  • Phil Lam
  • E Anwar Reddick
  • Scott David
  • Naomi Lefkovitz