
pbd-se message



Subject: RE: PBD-SE TC meeting documentation - 18 September 2013


Hi Fred.

 

Good work.

 

Some comments on the documents.

 

Proposal for privacy Use Case Template Test Use Case

General: It is a good thing to have such a template; however, I do not support following it being a mandatory condition for conformance to the OASIS PbD-SE specification. Within my organization we have business units that use different templates but can achieve sufficient PbD results that are equivalent. If the goal for filling in such a template is to have sufficient background information to conduct a DFD, then this can be overkill for many situations. This template includes a level of detail that would be used in a design document for a product and I do not see a need to duplicate design documents within privacy engineering.

Section 8, “Control Categories”: I do not think these three categories make sense. Either the control/safeguard categories should be tied to the privacy principles they reinforce (e.g., see NIST SP 800-53, Appendix J) or the categories should reflect industry agreed categories for security controls (i.e., Physical, Procedural, Technical, Legal and/or Regulatory).

 

PbD Principle 2

I found this document useful for drilling down on the PbD principle in terms a software engineer would understand. But this becomes a guidance document. What I mean is that this reflects a BCP checklist for an engineer. I have not had time to get feedback from other Nokia engineers on the utility of this compared to the Privacy Data Lifecycle set of BCP activities that I shared earlier with the list. Not sure which approach is most useful, yet.

Similar document/sections for the other 6 foundation principles would make for good reading.

 

Chapter 4 - Software Architecture in Practice

What is the purpose for sharing? Just info sharing?

 

Frank/

 

From: pbd-se@lists.oasis-open.org [mailto:pbd-se@lists.oasis-open.org] On Behalf Of ext Fred Carter
Sent: 09 September, 2013 15:39
To: 'pbd-se@lists.oasis-open.org'
Subject: [pbd-se] PBD-SE TC meeting documentation - 18 September 2013
Importance: High

 

TC Members:

 

Attached (for your convenience) are key meeting documents for the upcoming PBD-SE TC teleconference on 18 September. Please make note of the two discussion questions in the agenda item 3(a):

 

  • TC Draft Agenda (with embedded links)
  • Proposal for Privacy Use Case Template Test Use Case (tabled March 6)
  • Guidance on Privacy by Default Principle
    (Consolidated from discussion papers tabled at the March and April TC meetings)
  • Use Case Scenario (“Toy Example” – New)
  • Chapter 4 (“Understanding Quality Attributes”) from Software Architecture in Practice, 3rd Ed.

 

We have reached the halfway point of our TC mandate. After nine months we are at a key juncture in our work as a TC. Consensus is required on fundamental purposes, uses and structure of the Specification in progress. It is imperative that a workable roadmap and assignment of work tasks be established following the September meeting if further progress is to be made.

 

Many new members have joined (with new ones currently in the process of joining). Numerous documents and comments have been circulated to date.  We have heard several members ask for help in identifying and prioritizing key Committee documents so that they can participate more effectively in committee work.

 

Accordingly, we have scheduled two optional information sessions as a voluntary service offering to TC members:

 

1. Wednesday, September 11: 1:00-1:30 pm EDT

2. Friday, September 13: 10:00-10:30 pm EDT

 

Call-in details are forthcoming. These sessions are an opportunity for members to review key discussion documents which will be especially relevant for the work ahead. Our intention is to help interested members get up to speed and to prepare for --and focus on-- core issues to be addressed at the upcoming TC meeting. The sessions are NOT intended for substantive discussions of committee work but, rather, are better understood as a preparatory review.

 

Sincerely,

Fred Carter

 

On behalf of

Ann Cavoukian, Co-Chair

Dawn Jutla, Co-Chair

 

 


