
oasis-board-comment message



Subject: Re: [board-agenda] ISP- final draft


The policy claims to be designed for the protection of the PFI of members and employees; saying "resident" is confusing to the point of being harmful, actually. I'm glad you agree it should be replaced. Also, the use of SS number or other US-centric elements excludes non-US members from the intended protective umbrella -- but if OASIS does not record any PFI on members, then the word members should not appear in the first paragraph. To make the whole thing less US-centric the data elements could be specified as "(a) local, statal, provincial, national and/or regional identification numbers or codes or (b) [copy and paste here what (c) in the original says]"

My whole point in all this is that this policy should be as internally consistent as possible, that's all. If the reality is that half of it refers to situations that will never arise, then that half should be deleted. If compliance with local laws prevents that half from being deleted then make it congruent with the organization.

On 12/09/2010 12:58 PM, Scott McGrath wrote:
copying board-comment list and replying to Eduardo's message--which is not being forwarded to board-agenda...

I agree with replacing "resident" with "person or individual".  I understand that you see that as helpful, I see it as harmless.
It is worth noting that the original language used was based on the need to comply with Massachusetts state law.  (thus the word "resident") Operating in MA means we must comply with MA law.

This policy didn't attempt to address all potential issues globally-- it seems very murky how any other foreign local regulations would impact us, or if we could ever find all the words necessary to be in compliance with all jurisdictions.
 
Lastly, it might be worth considering if we are exposed to PFI from non-US residents. As a matter of practice the only situations that allow us to capture the data types typically defined as Personal Financial Information is for employees-- we do not record any PFI on members.  We only employ folks in the US.  People who look like employees outside the US are actually contractors, who are not required to provide any Personal Financial Information.  We do capture enough bank account information necessary for us to wire payments -- but we believe most/all use a business shell or business account, therefore exempting themselves from any PFI considerations.

Scott...


---------- Forwarded message ----------
From: Eduardo Gutentag <eduardo.gutentag@oracle.com>
To: oasis-board-comment@lists.oasis-open.org
Date: Thu, 09 Dec 2010 01:18:30 -0800
Subject: Re: [board-agenda] ISP- final draft
The definition of Personal Information seems to be limited to persons residing in the United States, thus excluding both some employees and many members of OASIS -- which according to the "Objective" section should be covered by it. Also it would appear that the word "resident" in the first sentence of the Personal Information section is inappropriate in this context and should be replaced by "person" or "individual".





On 12/08/2010 12:44 PM, Jim Hughes (LCA) wrote:
Posting the new Information Security Program/Policy for approval at next week's board meeting - agenda item 6.

Jim
---------------------------------------------------------------------
This list is for posting purposes only. Any discussion of agenda items should be held on the board-comment@lists.oasis-open.org list. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: board-agenda-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: board-agenda-help@lists.oasis-open.org

--
Oracle
Eduardo Gutentag | Director, Standards Strategy & Policy
Work Office: +1 650 506 1027 | Home Office: +1 510 550 4616 | SMS: +1 510 681 6540
Oracle Corporate Architecture Group
5op334, 500 Oracle Parkway, | Redwood Shores, California 94065

Oracle is committed to developing practices and products that help protect the environment




--
Scott McGrath
Senior Director of Member Services and COO
scott.mcgrath@oasis-open.org

NEW:
Tel +1 781-425-5073 x202
Fax +1 781-425-5072

New to OASIS?
Take a 3-minute tour:
http://www.oasis-open.org/home/tour.php

--
Oracle
Eduardo Gutentag | Director, Standards Strategy & Policy
Work Office: +1 650 506 1027 | Home Office: +1 510 550 4616 | SMS: +1 510 681 6540
Oracle Corporate Architecture Group
5op334, 500 Oracle Parkway, | Redwood Shores, California 94065

Oracle is committed to developing practices and products that help protect the environment

