Re: [pmrm] Groups - Privacy Policy Must-Haves (Strawman Privacy PolicyTemplate.doc) uploaded

[Susan Landau <susan.landau@privacyink.org>]

On 3/18/11 1:53 PM, peter.alterman@nih.gov wrote:
> The document named Privacy Policy Must-Haves (Strawman Privacy Policy
> Template.doc) has been submitted by Dr. Peter Alterman to the OASIS Privacy
> Management Reference Model (PMRM) TC document repository.
>
> Document Description:
> This one-pager is my attempt to summarize the considerations any privacy
> policy must address.  Would love comments, additions, revisions, etc., on
> this.
What you have seems reasonable, with one caveat.  One problem I have --- 
and this is a problem of the field, not the document --- is that PII is 
really undefined.   In particular, it is increasingly possible to take 
minimal sets of data from two networks and combine them to deidentify 
users.  Thus the set of PII seems to increase.  I don't know how you 
want to handle this, but it seems to me that this is an important aspect 
of any Privacy Policy statement.

Susan