Meeting notes from May 12, 2014

From IDESG Wiki
Revision as of 04:02, 28 June 2018 by Omaerz (talk | contribs) (3 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notes from May 12, 2014 Privacy Requirements Working Group Meeting

PRWG wants to shift strategies to massage existing derived requirements

  • Quick turnaround
  • Potentially add in some more info regarding risks
  • Want to burrow down after that and build out a "something" that defines what requirements
    • "construct trees" in order to view privacy chains of action/events
  • Don't want to "radically" rework the requirements
  • Some general high level requirements may be missing - group wants to review to identify those
  • Is the audience for these requirements something other than a trustmark review process?

Derived requirements:

  • "Organizations shall limit the collection and transmission of information to the minimum necessary to fulfill the transaction’s purpose and related legal requirements."
    • Within the context of these derived requirements, "Transaction" refers to identity-specific transactions
    • Data minimization principles should apply to all transactions - including those conducted anonymously and pseudonymously
  • "Organizations shall limit the use of the individual’s data that is collected and transmitted to specified purposes."
    • Proposed change: "…to specify transactional purposes."
    • Proposed change: "… to the specific purposes for which the information was collected."
Retrieved from "https://wiki.idesg.org/index.php?title=Meeting_notes_from_May_12,_2014&oldid=4774"