Fwd: Question

[Gail Magnuson <gail.magnuson@gmail.com>]

Greetings,

Antonio shared with me and now I to you an excellent example of a significantly more rigorous Privacy Impact Assessment Guideline for RFID Applications.  

It aligns itself much more closely to the OASIS PMRM and PbD works and provides for a Risk Assessment process that aligns itself with the various known privacy risks that map back to privacy requirements. 

It creates controls that are more comprehensive and implies the need for a much more disciplined implementation of detailed controls into services and mechanisms. 

It also provides three models that are rather comprehensive for various types of RFID scenarios (retail, public transport and automotive) and it integrates various IT standard modeling techniques to display the outcome of various steps or phases.

This Assessment Guideline is in a two year trial period. 

Perhaps, when we finish our commentary to NIST, we might want to consider making commentaries on those initiatives that closely align themselves with the OASIS PMRM and PbD works, including the one that Antonio has shared with us. With minor changes to this initiative and others they may achieve significant results.

While I can certainly demonstrate my application of the PMRM beginning in 2000 and describe the benefits i accrued, they are not what is needed now. I applied the PMRM at a macro level to guide entities and privacy offices in setting high level controls. 

Now it is time to develop much more detailed controls and apply these OASIS models and methodologies at a more granular level.   

It might be beneficial to acknowledge and examine the more recent works that are applying successfully the elements of the OASIS works and to help formulate the standards for the 'Privacy Engineer'.

Just a thought.

Best, Gail

 

---------- Forwarded message ----------
From: Antonio kung <antonio.kung@trialog.com>
Date: Tue, Jun 16, 2015 at 11:21 AM
Subject: Re: Question
To: Gail Magnuson <gail.magnuson@gmail.com>


Gail,

See https://ec.europa.eu/energy/en/test-phase-data-protection-impact-assessment-dpia-template-smart-grid-and-smart-metering-systems

cheers

Antonio

Le 16/06/2015 17:20, Gail Magnuson a écrit :

Antonio,

Thanks so much for your observations!

During the call you mentioned a trial process going on in the EU. Do you have a link to this process that is in English?

Best, Gail

--
Gail Ann Magnuson
Mobile: 1.704.232.5648
Residence: Ponce Inlet, FL

Mailing Address
4624 Harbour Village Boulevard #4406
Ponce Inlet, FL 32127

--
_________________________________________________________________________

TRIALOG
25 rue du general Foy
F-75008 Paris
http://www.trialog.com

Tel   : 33 (0) 1 44 70 61 00  Direct : 33 (0) 1 44 70 61 03
Fax   : 33 (0) 1 44 70 05 91
mailto:antonio.kung@trialog.com
_________________________________________________________________________
    -- Software Engineering Focused on Embedded Systems Technology --
            -- Connectivity Solutions for Embedded Systems --
_____________________________________________________________________
The information contained in this transmission, which may be
confidential and proprietary, is only for the intended recipients.
Unauthorized use is strictly prohibited. If you receive this
transmission in error, please notify me immediately by telephone
or electronic mail and confirm that you deleted this transmission
and the reply from your electronic mail system.
_____________________________________________________________________

--

Gail Ann Magnuson
Mobile: 1.704.232.5648
Residence: Ponce Inlet, FL

Mailing Address
4624 Harbour Village Boulevard #4406
Ponce Inlet, FL 32127