Meeting notes from October 20, 2014

From IDESG Wiki
Jump to navigation Jump to search

10/20/14 Privacy Requirements Working Group Meeting Notes

Attendees

  • Jennifer Behrens
  • Doug Blough
  • Jeff Brennan
  • Sean Brooks
  • David Bruggeman
  • Jessica Esparza
  • Edmund Jay
  • Naomi Lefkovitz
  • Ann Racuya-Robbins
  • Stuart Shapiro

Meeting Notes

Functional Requirements Edits

  • Requirement 1: “Organizations shall limit the collection and transmission of information to the minimum necessary to fulfill the transaction’s purpose and related legal requirements.”
    • Attribute control – may need to further define “claim”.
  • Requirement 8: “When a relationship between an individual and an organization is terminated, or the organization ceases to participate in the Identity Ecosystem, the organization shall, while maintaining the security of individuals' information, transfer that information to the individual upon their request and destroy it unless they request otherwise.”
    • Application, attribute verification & eligibility decision: N/A
    • Attribute control: Attributes should be made available in an open format for users to download and migrate to other services.
    • Define the relationship; perhaps use the voluntary participation section to explain what an org is doing with unfinished applications. This could be dealt with in a sub requirement.
    • Discussed changing to “while maintaining the security and privacy…” Ann will write up why we want to include privacy here, and discussion will continue via email.

Actions

  • All will continue discussion via email and wrap up requirement 8 at the beginning of the next meeting (10/27).
  • Ann will write up the possibility of - and reasoning behind - adding “and privacy” to requirement 8.
  • Sean will post meeting notes and updated document to the wiki.