Meeting notes from July 28, 2014

From IDESG Wiki
Jump to: navigation, search

7/287/14 Privacy Requirements Working Group Meeting Notes

Meeting Notes

Risk: Breach of Trust

  • Tabled until 8/4/14 - Stuart Shapiro to provide proposed edits.

Risk: Distortion

  • Requirement: Prior to transmitting an individual's information to another organization, organizations shall ensure that all data quality obligations have been met.
    • Comment: In the case that both organizations belong to a larger consortium/entity that has governing agreements about data quality standards, this requirement may be met by conforming to those requirements.

Risk: Exclusion

  • PRWG agreed other subject-matter committees may have requirements to cover this risk.

Risk: Induced Disclosure

  • Requirement: Organizations shall clearly indicate to individuals what personal information is mandatory and what information is optional prior to the transaction.
    • Comment: In functional requirements, we should discuss how organizations should communicate "mandatory" (e.g. more than a "*"), and "optional" and provide guidance about how to clearly communicate the exchange of information for level of service with users.'

Risk: Insecurity

  • Requirement: Organizations shall maximize use of architectural and technical point controls for privacy.
    • Comment: More clarity about how to realize this will been defined during the decision tree/functional requirement analysis.

Actions:

  • Stuart Shapiro to provide proposed edits to Breach of Trust risk requirement
  • Ann Racuya-Robbins to prepare definitional draft for functional requirements work on "Valuation" concept in Appropriation risk requirement.