Re: [pmrm] FW: Draft Summary Nov 17 ANSI VTAG privacy con call

[Nicola Fabiano <n.fabiano@studiolegalefabiano.eu>]

Dear all,

recently I joined the group and let me take the opportunity to introduce myself. I'm a lawyer and I'm based in Italy; I deal with privacy at European and International level, also contributing with article, essays, etc. Recently I was recognised by the Information & Privacy Commissioner of Ontario - Dr. Ann Cavoukian - Privacy by Design Ambassador.

These are my two general thoughts:
1) I think it's very interesting to work as proposed by Michael in terms of 'translating principles into methods' (Services). I imagine to create a kind of 'case book' or a 'case history' to work on it. I don't know at what point is your work now and what is the approach to deal with PMRM (I apologise), but the cases analysis probably could be useful, in my personal opinion, initially; after probably less than now, but it depends obviously by the work approach and also by the States law. We have in Europe a general European law but the situation - as you know - it's different in each member State. I think that it's useful to collect several experiences (or cases) but only to find the right systematic approach for PMRM.

2) Regarding the Lauren's approach, with great respect I disagree with him, because I think - as already highlighted by Gail - that PIA and Privacy by Design are different concepts. PbD is more comprehensive in relation to concepts, principles and methods (or services). I think that there isn't any limitation working according to PbD principles and methods but this, in my personal opinion, is the main key.

As for the rest, I perfectly agree with Gail in order to her considerations.

Nicola



Michael Willett wrote:

018a01cb8db0$a3d33700$eb79a500$@rr.com" type="cite">

FYI: Notice the important distinction in the paragraph below:

 

 “Distinction should be made between principles and methods for protecting privacy”

 

That could be the ‘mantra’ of the PMRM TC, which focuses

on translating principles INTO “methods” (read: Services)!

 

In this context, “methods” may even be understood to mean the mechanisms

used to realize a given Service.

 

Michael

 

From: Saadat, Lauren [mailto:Lauren.Saadat@DHS.GOV]
Sent: Tuesday, November 23, 2010 12:44 PM
To: IDSPPRIVACY@MAILLIST.ANSI.ORG
Subject: Re: Draft Summary Nov 17 ANSI VTAG privacy con call

 

Our apologies that we were unable to make the call last week and that these comments are coming in a bit late.  If there is still room for consideration, we offer the following for ANSI Input for Draft Recommendations for current and potential future ISO work

(Document(s):  ISO/TMB/PSC N0051):

 

While we certainly support the implementation of PIAs as a best practice and in accordance with our laws, we’re concerned about the proposal to establish the PIA as a privacy standard.  Distinction should be made between principles and methods for protecting privacy.  PIAs, like privacy by design, which is mentioned later in the notes, are just one method of implementing privacy principles.  Principles should provide a concept to abide by and can be implemented through various means.  Including specific methods as principles might create precedence for other methods, (independent DPAs, for example) to be established as standards as well.   Additionally, we’re concerned that incorporating a specific method, such as PIAs or privacy by design, into a principle will limit possibilities for further innovation of future methods of privacy protection. 

 

Additionally, could you please add Nicole McGhee, copied here, to the listserv for this group? 

 

Thanks,

 

Lauren Saadat

Director, International Privacy Policy

DHS Privacy Office

703-235-0773

From: owner-idspprivacy@MAILLIST.ANSI.ORG [mailto:owner-idspprivacy@MAILLIST.ANSI.ORG] On Behalf Of James McCabe
Sent: Thursday, November 18, 2010 3:13 PM
To: IDSPPRIVACY@MAILLIST.ANSI.ORG
Subject: Draft Summary Nov 17 ANSI VTAG privacy con call

 

Dear ANSI virtual TAG privacy members,

 

Attached is a summary of our con call yesterday.

 

Best regards,

 

Jim McCabe
Senior Director, Consumer Relations and IDSP
American National Standards Institute
25 West 43^rd Street, 4^th Floor
New York, NY  10036  U.S.A.
1-212-642-8921; Fax: 1-212-840-2298
jmccabe@ansi.org

 

--
_________________________________

Avv. Nicola Fabiano
Counsel in the Italian Supreme Court
Civil Law Specialist
Privacy and ICT legal advisor

Mob: +39.347.3358418

www.studiolegalefabiano.eu

_________________________________________________________________________

In ottemperanza al D.Lgs.196/2003 sulla tutela dei dati personali, le informazioni contenute in questo messaggio sono strettamente riservate e sono esclusivamente indirizzate al destinatario: qualsiasi uso, riproduzione o divulgazione dello stesso Ë vietata. Nel caso in cui aveste ricevuto questo messaggio per errore, Vi invitiamo ad avvertire il mittente al pi˘ presto e a procedere all'immediata distruzione dello stesso.

According to Italian Law D.Lgs.196/2003 concerning privacy, information contained in this message is confidential and intended for the addressee only: any use , copy or distribution of same is strictly prohibited. If you have received this message in error, you are requested to inform the sender as soon as possible and immediately destroy it.