Subject: Re: [pmrm] FW: Draft Summary Nov 17 ANSI VTAG privacy con call
You all know that I believe we should have a recommended list of privacy policy subjects for both CSPs and RPs, e.g., opt in, informed consent, default do-not-expose, protect data at rest and in motion, etc., for CSPs and minimum data draw, protect data at rest and in motion, etc., for RPs.
The Management part of PMRM needs a Policy part to hook on to.

Regards,
Peter

Sent from my mobile device. My cell phone # is 240-507-7107.

From: Michael Willett <mwillett@nc.rr.com>
To: pmrm@lists.oasis-open.org <pmrm@lists.oasis-open.org>
Sent: Fri Nov 26 16:26:50 2010
Subject: [pmrm] FW: Draft Summary Nov 17 ANSI VTAG privacy con call

FYI: Notice the important distinction in the paragraph below:

“Distinction should be made between principles and methods for protecting privacy”

That could be the ‘mantra’ of the PMRM TC, which focuses on translating principles INTO “methods” (read: Services)! In this context, “methods” may even be understood to mean the mechanisms used to realize a given Service.

Michael

From: Saadat, Lauren [mailto:Lauren.Saadat@DHS.GOV]

Our apologies that we were unable to make the call last week and
that these comments are coming in a bit late. If there is still room for
consideration, we offer the following for ANSI Input for Draft
Recommendations for current and potential future ISO work (Document(s): ISO/TMB/PSC N0051):

While we certainly support the implementation of PIAs as a best
practice and in accordance with our laws, we’re concerned about the
proposal to establish the PIA as a privacy standard. Distinction should
be made between principles and methods for protecting privacy. PIAs, like
privacy by design, which is mentioned later in the notes, are just one method
of implementing privacy principles. Principles should provide a concept
to abide by and can be implemented through various means. Including
specific methods as principles might create precedence for other methods,
(independent DPAs, for example) to be established as standards as well.
Additionally, we’re concerned that incorporating a specific
method, such as PIAs or privacy by design, into a principle will limit
possibilities for further innovation of future methods of privacy
protection.

Additionally, could you please add Nicole McGhee, copied here, to the listserv for this group?

Thanks,

Lauren Saadat
Director, International Privacy Policy
DHS Privacy Office
703-235-0773

From: owner-idspprivacy@MAILLIST.ANSI.ORG [mailto:owner-idspprivacy@MAILLIST.ANSI.ORG] On Behalf Of James McCabe

Dear ANSI virtual TAG privacy members,

Attached is a summary of our con call yesterday.

Best regards,
Jim McCabe