Greetings,
I am attaching two documents.
The first document provides my observations of the PRIPARE work in general and as it relates to the PMRM and the PbD OASIS Groups. While I made a number of comments, my key observations are to:
- separate privacy methodologies and frameworks from the tools and techniques used to implement them
- define the role of the Privacy Engineer as one that understands both technology and privacy Control and works with the project team to implement the Controls
- begin using the PMRM and PBD at the earliest phase, when the Privacy Engineer has the best chance of influencing the product design and IT/Privacy architectures
- clearly define Controls, Services and Mechanisms and confirm that the PMRM Services are complete and there is an easy way to transition from Controls to Services to Mechanisms
- Controls start high level and become more specific in the project at each phase such that they may be translated into Sevices and implemented in Mechanisms
- consider converting Appendix C to a controls document like NIST to help the Privacy Office and Engineer jump start this rather complex responsibility
- identify prepackaged Mechanisms that meet the requirements of the Services and Controls to help the Privacy Engineer leverage his/her time across multiple projects
The second document is a track changed Mapping of Privacy by Design Principles to
Documentation research I did last summer comparing this document to other methodologies and frameworks I view as comprehensive.
In our call Dawn spoke about tweaking this work when applying the 'Maturity Model' I dug out the work and cleaned up my comments. The track changes and comments are attached.
Next, I am thinking about writing a white paper about how I applied the ISTPA/PMRM in the work at BofA/IBM/Fiderus/EDS/Manpower/Nymity/Gail Magnuson LLC. I sent some notes to John and if he agrees I'll be ready with an outline and some sample text for the next meeting.
Cheers, Gail
Best, Gail
Gail Ann Magnuson
Mobile: 1.704.232.5648
Residence: Ponce Inlet, FL
Mailing Address
4624 Harbour Village Boulevard #4406
Ponce Inlet, FL 32127