Subject: ISTPA Privacy Framework introduction
Forwarded by Marc Le Maitre to the XDI TC on behalf of Michael Willett

-----Original Message-----
From: Michael.Willett@seagate.com [mailto:Michael.Willett@seagate.com]
Sent: Wednesday, March 10, 2004 2:51 PM
To: marc.lemaitre@cordance.net
Cc: xdi@lists.oasis-open.org
Subject: ISTPA Privacy Framework introduction

As requested.

Our Mission

The International Security, Trust, and Privacy Alliance (ISTPA) is a global alliance of companies, institutions and technology providers working together to clarify and resolve existing and evolving issues related to security, trust, and privacy. The ISTPA's focus is on the protection of personal information.

Our Goals

- Develop a Framework for the protection of personal and organizational data, which defines security, privacy, and trust services and their relationship.
- Develop an understanding of the usability, manageability and cost implications of technologies supporting data protection.
- Conduct research, demonstration, and interoperability projects, which address critical privacy, security, and trust issues.
- Provide guidance to member companies.
- Provide international forums for discussion of issues and solutions.
- Serve as a voice and resource for industry on privacy technology issues.
- Promote the ISTPA's work and its mission.

FAQs: http://www.istpa.org/pdfs/FrameworkFAQ.pdf

Michael Willett (me!) chairs the ISTPA Privacy Framework Committee, which has published a Framework document. The full document is available on the first page of the Web site: http://www.istpa.org/

Net: The Framework defines 10 OPERATIONAL privacy management services in detail that implement the privacy fair information practices.
Extracts:

Executive summary

If information privacy is the proper handling and use of personal information throughout its life cycle, consistent with data protection principles and the preferences of the subject, then personal information (PI) is any data related to an individual or entity, regardless of whether the subject of the PI is identified. Worldwide, especially with the rapid onset of web-based e-business, privacy concerns have intensified and legislation has been enacted that mandates stringent behavior in dealing with PI. A policy-configurable framework will allow the particular jurisdictional requirements to be input as parameters that then govern the behavior of the framework.

For more than 30 years, a set of principles and fair information practices have been evolving in the business and government sectors for the handling of personal information. These practices include:

- Notice and awareness
- Choice and consent
- Access (by the subject of the personal information)
- Information quality and integrity
- Update and correction, and
- Enforcement and recourse.

These practices serve as high-level guidelines for human and computer system behavior toward PI, but the operational specifics are left to the implementer. The ISTPA Privacy Framework consists of seven services and three capabilities that faithfully implement the fair information practices, but which contain operational details. The seven services are Audit, Certification, Control, Enforcement, Interaction, Negotiation, and Validation; the three capabilities are Access, Agent and Usage. A capability is a virtual service that derives its functionality by "calling" other services. Use cases illustrate how the various mechanisms within each service or capability can be exploited in specific contexts. The Framework can serve as a template for designing privacy management systems and as an analytic tool for assessing privacy solutions.
The Framework services and capabilities can be combined with existing, industry-standard security architectures to create a robust information privacy solution that can be tailored within and across jurisdictions.

Service / Capability | Description
Audit | Handles the recording and maintenance of events in any service to capture the data that is necessary to ensure compliance with the terms and policies of an agreement and any applicable regulations.
Certification | Manages and validates the credentials of any party or process involved in processing of a PI transaction.
Control | Functions as "repository gatekeeper" to ensure that access to PI which is stored by a data collection entity complies with the terms and policies of an agreement and any applicable regulations.
Enforcement | Handles redress when a data collection entity is not in conformance with the terms and policies of an agreement and any applicable regulations.
Interaction | Presents proposed agreements from a data collection entity to the data subject; receives the subject's personal information, preferences, and actions; confirms actions; manages movement of data into and out of the Framework. To the extent the data subject is represented by an agent, this service comprises the interface to the agent.
Negotiation | Handles arbitration of a proposal between a data collection entity and a data subject. Successful negotiation results in an agreement. Humans, agents, or any combination, can handle negotiation.
Validation | Checks for accuracy of PI at any point in its life cycle.
Access | A capability that allows the data subject to both access the individual's PI that is held by a data collection entity, and to correct or update it as necessary.
Agent | A software capability that acts on behalf of a data subject or a requestor. The Agent Capability engages with one or more of the other services defined in this Framework. Agent can also refer to the human data subject in the case of a manual process.
Usage | Functions as "processing monitor" to ensure that active use of PI complies with the terms and policies of an agreement and any applicable regulations. Such uses may include transfer, derivation, aggregation, pseudo-anonymization, linking, and inference of data.

The bulk of the document then goes into detailed descriptions and use cases for the Services above.