
oasis-board-comment message


Subject: Re: [board-agenda] ISP- final draft

Copying board-comment list and replying to Eduardo's message -- which is not being forwarded to board-agenda...

I agree with replacing "resident" with "person or individual". I understand that you see that as helpful; I see it as harmless.
It is worth noting that the original language used was based on the need to comply with Massachusetts state law (thus the word "resident"). Operating in MA means we must comply with MA law.

This policy didn't attempt to address all potential issues globally -- it seems very murky how any other foreign local regulations would impact us, or if we could ever find all the words necessary to be in compliance with all jurisdictions.
Lastly, it might be worth considering if we are exposed to PFI from non-US residents. As a matter of practice the only situations that allow us to capture the data types typically defined as Personal Financial Information are for employees -- we do not record any PFI on members. We only employ folks in the US. People who look like employees outside the US are actually contractors, who are not required to provide any Personal Financial Information. We do capture enough bank account information necessary for us to wire payments -- but we believe most/all use a business shell or business account, therefore exempting themselves from any PFI considerations.


---------- Forwarded message ----------
From: Eduardo Gutentag <eduardo.gutentag@oracle.com>
To: oasis-board-comment@lists.oasis-open.org
Date: Thu, 09 Dec 2010 01:18:30 -0800
Subject: Re: [board-agenda] ISP- final draft
The definition of Personal Information seems to be limited to persons residing in the United States, thus excluding both some employees and many members of OASIS -- which according to the "Objective" section should be covered by it. Also it would appear that the word "resident" in the first sentence of the Personal Information section is inappropriate in this context and should be replaced by "person" or "individual".

On 12/08/2010 12:44 PM, Jim Hughes (LCA) wrote:
Posting the new Information Security Program/Policy for approval at next week's board meeting - agenda item 6.

---------------------------------------------------------------------
This list is for posting purposes only. Any discussion of agenda items should be held on the board-comment@lists.oasis-open.org list. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: board-agenda-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: board-agenda-help@lists.oasis-open.org

Eduardo Gutentag | Director, Standards Strategy & Policy
Work Office: +1 650 506 1027 | Home Office: +1 510 550 4616 | SMS: +1 510 681 6540
Oracle Corporate Architecture Group
5op334, 500 Oracle Parkway, | Redwood Shores, California 94065

Oracle is committed to developing practices and products that help protect the environment

Scott McGrath
Senior Director of Member Services and COO

Tel +1 781-425-5073 x202
Fax +1 781-425-5072
