

Subject: Fwd: [pbd-se] Uber review of the reviews of wd04 R2


Thanks Gail for taking the time to monitor and comment on the work as we seek to put out the first CSD document. 
Your comments below are now distributed to the TC. 

Best,
Dawn.

P.S. Sander, we will no doubt have several updates after a first CSD is put out as well. Chet has mentioned that some TCs put out as many as 7 CSD updates before going to public review. 


---------- Forwarded message ----------
From: Gail Magnuson <gail.magnuson@gmail.com>
Date: Mon, Jun 16, 2014 at 1:27 PM
Subject: Fwd: [pbd-se] Uber review of the reviews of wd04 R2
To: Dawn Jutla <dawn.jutla@gmail.com>



Hi Dawn,

Here are my comments. I am not certain who did not receive them, per the email below.

Best, Gail

_______________________________________________________________________
This is the mail system at host lists.oasis-open.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<pbd-se@lists.oasis-open.org>: permission denied. Command output: Sorry, only
    certain individuals may post to this committee. If you participate in this
    committee and have posting privileges, but are having trouble posting,
    please forward this error message to admin@lists.oasis-open.org (#5.7.2)
    ERROR: postqmail-local Error #77

Final-Recipient: rfc822; pbd-se@lists.oasis-open.org
Original-Recipient: rfc822;pbd-se@lists.oasis-open.org
Action: failed
Status: 5.7.0
Diagnostic-Code: x-unix; Sorry, only certain individuals may post to this
    committee. If you participate in this committee and have posting
    privileges, but are having trouble posting, please forward this error
    message to admin@lists.oasis-open.org (#5.7.2) ERROR: postqmail-local Error
    #77


---------- Forwarded message ----------
From: Gail Magnuson <gail.magnuson@gmail.com>
Date: Mon, Jun 16, 2014 at 12:16 PM
Subject: Re: [pbd-se] Uber review of the reviews of wd04 R2
To: "Mr. Colin Wallis" <Colin.Wallis@dia.govt.nz>
Cc: "pbd-se@lists.oasis-open.org" <pbd-se@lists.oasis-open.org>


Hi,

I too have reviewed the document and associated comments and support them.

I specifically support Stuart's comments on page 6, especially, "This is too narrow; the principles apply just as much to paper records as digital technologies as is mentioned later in the document. It also implicitly excludes business processes."

Having spent the first half of my career building systems and designing processes and the second half of my career in data protection/privacy, I have found that those Privacy Officers and Programs that address data protection/privacy from a holistic perspective are those that are the most successful in their implementation efforts.  

Secondly I support Colin's recommendation to move Chapter 5 to the appendix for the following reason:

Chapter 4 (the mapping between the seven PbD principles and the documentation that software engineers must or should produce or reference throughout the software development lifecycle - from software conception to retirement) provides a very succinct summary of the documents (or information) that are required throughout the design processes (of products, business processes and technologies). 

I was expecting Chapter 5 to be ordered by the documents listed in Chapter 4 with samples. 

This takes me to two other overall observations and thoughts about the work, which I find extremely comprehensive and impressive. 

The first is the overall challenge to compress the requirements identified in Chapter 2 and 4 into more simplified, actionable and achievable processes for data protection/privacy professionals and their business partners.

The second is to take advantage of the existing design and implementation tools/information that are available to business process and systems engineers and integrate data protection/privacy into those tools, rather than the reverse.

Respectfully, I have not been a part of the overall dialog and development of this work, so my additional suggestions might not be applicable. They are:

I might suggest that you consider moving Chapter 3 to follow Chapters 2 & 4 for two reasons. The first is that the operational requirements are very demanding. The second is that you might find, following this order, that Chapter 3's contents might become more streamlined.

I do hope that these observations are helpful as data protection/privacy issues are growing and it is critical that those in the profession are able to assist our business partners in protecting personal data.

Best, Gail 
  

Gail Magnuson, LLC
Gail Ann Magnuson
Mobile: 1.704.232.5648
Residence: Ponce Inlet, FL

Mailing Address
4624 Harbour Village Boulevard #4406
Ponce Inlet, FL 32127

On Mon, Jun 16, 2014 at 2:30 AM, Mr. Colin Wallis <Colin.Wallis@dia.govt.nz> wrote:
Folks,

I've looked at the comments circulated, at the time of this email (ss, sabo and sf). Broadly I support them (easier where proposed text has been provided!) and they more than cover my main areas of concern which were the normative text in Section 2, and Section 5 moving to an appendix.

The only area that does not seem to be covered is the Introduction, where on the call, we agreed that the text needs to be modified to recognize the role of the organization's governance processes in overseeing the efforts of the software engineer in respect of PbD.
To that end, I offer a start on the following..

From 1: Introduction: The PbD-SE specification helps engineers to visualize, model, and document PbD requirements and embed the principles within software engineering tasks. Add..**It also helps inform those organizational governance processes that oversee the engineers**.

From 1.1: The protection of privacy in the context of software engineering requires normative judgments to be made on the part of software engineers, add..**in the context of organization-wide governance of privacy protection**.

1.2 and 1.3 seem to be OK as is.

Cheers
Colin
   


