xdi message


Subject: ISTPA Privacy Framework introduction


Forwarded by Marc Le Maitre to the XDI TC on behalf of Michael Willett



-----Original Message-----
From: Michael.Willett@seagate.com [mailto:Michael.Willett@seagate.com] 
Sent: Wednesday, March 10, 2004 2:51 PM
To: marc.lemaitre@cordance.net
Cc: xdi@lists.oasis-open.org
Subject: ISTPA Privacy Framework introduction 



As requested.

Our Mission

The International Security, Trust, and Privacy Alliance (ISTPA) is a global
alliance of companies, institutions and technology providers working together
to clarify and resolve existing and evolving issues related to security, trust,
and privacy.

The ISTPA's focus is on the protection of personal information.

Our Goals

  Develop a Framework for the protection of personal and organizational data,
  which defines security, privacy, and trust services and their relationship.

  Develop an understanding of the usability, manageability and cost
  implications of technologies supporting data protection.

  Conduct research, demonstration, and interoperability projects, which
  address critical privacy, security, and trust issues.

  Provide guidance to member companies.

  Provide international forums for discussion of issues and solutions.

  Serve as a voice and resource for industry on privacy technology issues.

  Promote the ISTPA's work and its mission.

 

 



FAQs:  http://www.istpa.org/pdfs/FrameworkFAQ.pdf

Michael Willett (me!) chairs the ISTPA Privacy Framework Committee, which
has published a Framework document.  The full document is available on the
first page of the Web site:   http://www.istpa.org/

Net: The Framework defines 10 OPERATIONAL privacy management services in
detail that implement the privacy fair information practices.

Extracts:




Executive summary


If information privacy is the proper handling and use of personal
information throughout its life cycle, consistent with data protection
principles and the preferences of the subject, then personal information
(PI) is any data related to an individual or entity, regardless of whether
the subject of the PI is identified.  Worldwide, especially with the rapid
onset of web-based e-business, privacy concerns have intensified and
legislation has been enacted that mandates stringent behavior in dealing
with PI. A policy-configurable framework will allow the particular
jurisdictional requirements to be input as parameters that then govern the
behavior of the framework.


For more than 30 years, a set of principles and fair information practices
has been evolving in the business and government sectors for the handling
of personal information. These practices include:

- Notice and awareness
- Choice and consent
- Access (by the subject of the personal information)
- Information quality and integrity
- Update and correction, and
- Enforcement and recourse.

These practices serve as high-level guidelines for human and computer
system behavior toward PI, but the operational specifics are left to the
implementer.


The ISTPA Privacy Framework consists of seven services and three
capabilities that faithfully implement the fair information practices, but
which contain operational details. The seven services are Audit,
Certification, Control, Enforcement, Interaction, Negotiation, and
Validation; the three capabilities are Access, Agent and Usage. A
capability is a virtual service that derives its functionality by "calling"
other services.


Use cases illustrate how the various mechanisms within each service or
capability can be exploited in specific contexts.


The Framework can serve as a template for designing privacy management
systems and as an analytic tool for assessing privacy solutions. The
Framework services and capabilities can be combined with existing,
industry-standard security architectures to create a robust information
privacy solution that can be tailored within and across jurisdictions.




Service /
Capability      Description
--------------  ------------------------------------------------------------
Audit           Handles the recording and maintenance of events in any
                service to capture the data that is necessary to ensure
                compliance with the terms and policies of an agreement and
                any applicable regulations.

Certification   Manages and validates the credentials of any party or
                process involved in processing of a PI transaction.

Control         Functions as "repository gatekeeper" to ensure that access
                to PI which is stored by a data collection entity complies
                with the terms and policies of an agreement and any
                applicable regulations.

Enforcement     Handles redress when a data collection entity is not in
                conformance with the terms and policies of an agreement and
                any applicable regulations.

Interaction     Presents proposed agreements from a data collection entity
                to the data subject; receives the subject's personal
                information, preferences, and actions; confirms actions;
                manages movement of data into and out of the Framework. To
                the extent the data subject is represented by an agent,
                this service comprises the interface to the agent.

Negotiation     Handles arbitration of a proposal between a data collection
                entity and a data subject. Successful negotiation results
                in an agreement. Humans, agents, or any combination, can
                handle negotiation.

Validation      Checks for accuracy of PI at any point in its life cycle.

Access          A capability that allows the data subject to both access
                the individual's PI that is held by a data collection
                entity, and to correct or update it as necessary.

Agent           A software capability that acts on behalf of a data subject
                or a requestor. The Agent Capability engages with one or
                more of the other services defined in this Framework. Agent
                can also refer to the human data subject in the case of a
                manual process.

Usage           Functions as "processing monitor" to ensure that active use
                of PI complies with the terms and policies of an agreement
                and any applicable regulations. Such uses may include
                transfer, derivation, aggregation, pseudo-anonymization,
                linking, and inference of data.





The bulk of the document then goes into detailed descriptions and use cases
for the Services above.



