Meeting notes from July 28, 2014
From IDESG Wiki
7/28/14 Privacy Requirements Working Group Meeting Notes
Risk: Breach of Trust
- Tabled until 8/4/14 - Stuart Shapiro to provide proposed edits.
- Requirement: Prior to transmitting an individual's information to another organization, organizations shall ensure that all data quality obligations have been met.
- Comment: In the case that both organizations belong to a larger consortium/entity that has governing agreements about data quality standards, this requirement may be met by conforming to those requirements.
- PRWG agreed other subject-matter committees may have requirements to cover this risk.
Risk: Induced Disclosure
- Requirement: Organizations shall clearly indicate to individuals what personal information is mandatory and what information is optional prior to the transaction.
- Comment: In functional requirements, we should discuss how organizations should communicate "mandatory" (e.g. more than a "*") and "optional", and provide guidance about how to clearly communicate to users the exchange of information for level of service.
- Requirement: Organizations shall maximize use of architectural and technical point controls for privacy.
- Comment: More clarity about how to realize this will be defined during the decision tree/functional requirement analysis.
- Stuart Shapiro to provide proposed edits to Breach of Trust risk requirement
- Ann Racuya-Robbins to prepare definitional draft for functional requirements work on "Valuation" concept in Appropriation risk requirement.