Meeting notes from September 8, 2014

From IDESG Wiki
Jump to navigation Jump to search

9/8/14 Privacy Requirements Working Group Meeting Notes

Attendees:

  • Sarah Branam
  • Doug Blough
  • Jeff Brennan
  • Sean Brooks
  • Jessica Esparza
  • Jim Fenton
  • Ryan Galluzzo
  • Naomi Lefkovitz
  • Ellen Nadeau
  • Ann Racuya-Robbins
  • Stuart Shapiro

Meeting Notes

Requirement: Organizations shall, upon any material changes to a service that affect the collection, use, dissemination, or maintenance of users' personal information: a) provide clear and concise descriptions of the changes and their impacts on users and b) provide users the option of terminating their service and meet other stated requirements on termination and retention.

  • Consider the definitions of material change and personal information.
    • Ann recommends defining these two terms.
    • Doug says this is relevant to several requirements. Using one consistent term for “personal information” throughout would be useful.
    • Sean suggests maintaining a broad definition for now, and collaborating with other committees in the next phases to further clarify definitions.
    • Stuart provides basic personal “information” definition. He will circulate this on the listserv and elicit feedback.
  • Discuss FTC policies and opt-out vs. opt-in.
    • Could potentially add, between A and B, an opportunity to secure affirmative acceptance of the proposed changes to the service.
    • Important to consider how to proceed if someone doesn’t want to terminate service, but disagrees with a company’s change in policies.
    • Do people have a better understanding of, or control over, their privacy with an opt-in option?
  • Specify adequate or reasonable advanced notice.
    • Jim suggests inserting “reasonable advanced notice” at the beginning of part A of the requirement.
    • Stuart says this could be a sub-requirement of the high-level requirement.
  • Important to recognize the ideal vs. market realities.
    • Focus is on traction for the first iteration; ultimate goal is effective privacy. Future versions provide opportunities to delve deeper.

Actions

  • Stuart will send out his definition of personal information to the listserv.
    • Others will provide feedback via email.
    • If needed, 10 minutes max of next meeting will be for further discussion.
    • Plenary time could also be used to continue discussing this requirement.
  • Next meeting (9-15-14) will focus on requirements writing. Sean will be absent