Meeting notes from October 27, 2014

From IDESG Wiki
Jump to: navigation, search

10/27/14 Privacy Requirements Working Group Meeting Notes

Attendees

  • Dough Blough
  • Jeff Brennan
  • Sean Brooks
  • David Bruggeman
  • Jessica Esparza
  • Jim Fenton
  • Edmund Jay
  • Naomi Lefkovitz
  • Ellen Nadeau
  • Ann Racuya-Robbins


Meeting Notes

New Requirements Process

  • Sean proposed working on core operations instead of each function - consolidating 5 sheets into 1 – to speed up the requirements process.
  • Group approved this process by consensus.

Functional Requirements Edits

  • Requirement: “When a relationship between an individual and an organization is terminated, or the organization ceases to participate in the Identity Ecosystem, the organization shall, while maintaining the security of individuals' information, transfer that information to the individual upon their request and destroy it unless they request otherwise.”
    • Registration: Any captured attributes should be made available in an open format for users to download and migrate to other services.
    • Discussed clarity of “that information”; not all providers capture/store at this phase; attributes are perhaps a more incidental part of registration.
  • Requirement: “Organizations shall be accountable for conformance to these requirements, and provide mechanisms for auditing, validation, and verification.”
    • Checked box for registration.
  • Requirement: “Organizations shall provide effective redress mechanisms for, and advocacy on behalf of, individuals who believe their rights under these requirements have been violated.”
    • Registration: Organizations shall provide individuals the source of any verification or information that leads to an eligibility decision. If individuals seek redress, they must be provided with a mechanism to dispute or change errorenous information at the source of the information.
    • Redress isn’t about appealing their decision, but rather understanding where info came from. There are 2 organizations involved – one doing registration, and another providing info. Where is someone disputing the info – with the source? It’s up to the source to provide a dispute resolution process, and point users to the redress mechanisms they provide.


Actions

  • Group will continue down registration column at next meeting (11/03).