W3C home > Mailing lists > Public > public-egov-ig@w3.org > March 2011

Re: The PII Namespace

From: Gannon Dick <gannon_dick@yahoo.com>
Date: Mon, 7 Mar 2011 18:00:14 -0800 (PST)
Message-ID: <314677.23408.qm@web112611.mail.gq1.yahoo.com>
To: "public-egov-ig@w3.org" <public-egov-ig@w3.org>
Hi Chris,

With respect to your question about how PII might help an agency reinforce a stated privacy policy ...

I assume that an Agency of Government doing business with the Public has an absolutely ferocious firewall interface.  I'm not talking about a data breach.  But an Agency is also a functioning office with employees, homes, families, etc. just as if Civil Servants were real people ;o)  It may or may not be a problem in real life, but I can imagine a situation where a search might have access to Citizen's records and also (to lessen redundancy) considerably more detailed information about Agency Employees.  This would be very easy to miss in QA testing, and especially if you bought a package from a third party. The breach is generally from an SQL Injection Attack.  Hard to fight but easy to slow - send the attacker away from your domain and make them start over.  I think PII would be better than FOAF (no use telling someone where to look), but the lesson in either case is that user friendliness for legitimate users is sufficient for the goal.

With respect to Internationalization, I'm American and realize that the 200+ "Subjects" which go along with the 15 terms contain many Americanisms.  If someone is serious about translation, I can make those lists available.  I did do a mini-survey of "user profiles" in several Mail Clients and Office Suites since the information in profiles is added automatically on reformat or transmission.  By now everyone knows about browser cookies, but this source of personal information disclosure has been largely neglected.

Sorry it's long, is it clear ?

BTW, six years ago I offered this to the US Government (the Customs/Security folks).  They don't (understandably) take donations, which might cause Patent Problems (I do have a Copyright, I'd have to look it up).  So I wrote a 30 page proposal and put a price tag of exactly twice the yearly petty cash amount billable over two years.  AFAICT, they are still in the same Circle of Hell I put them in when they failed to read the proposal they insisted upon.  I did hear from some Consultants on the sly who said they rather enjoyed billing for bit bucket service just as often as possible :o)


--- On Mon, 3/7/11, Chris Beer <chris@e-beer.net.au> wrote:

> From: Chris Beer <chris@e-beer.net.au>
> Subject: Re: The PII Namespace
> To: "Gannon Dick" <gannon_dick@yahoo.com>
> Cc: "public-egov-ig@w3.org" <public-egov-ig@w3.org>
> Date: Monday, March 7, 2011, 5:29 PM
> Hi Gannon
> You'll what now?? :)
> I know PII has been discussed before, expecially in view of
> a comparative implementation to FOAF.
> Your point in this might be better explained if you could
> provide a practical example - how could PII (or FOAF for
> that matter - both seek to achieve the same thing) assist an
> agency in reinforcing a stated privacy policy? Privacy is a
> bit of a big ticket eGov item for many states/agencies world
> wide at the moment, so I for one would be curious as to your
> thoughts there. :)
> (Remember to keep it simple - it may have to be explained
> this to "policy wonks".)
> Chris
> On 7/03/2011 11:28 AM, Gannon Dick wrote:
> > Site searches normally require a "bit bucket" of sorts
> when search results have some cyber-stalking
> overtones.  From a Commercial Perspective most Social
> Networking sites and Search Engines can push an extra page
> of ads, so the trouble of rewriting this page functionality
> is perhaps worthwhile.
> > 
> > For Government and non-profit NGO's the situation is
> different.  There is no potential benefit to a sticky
> domain.  Rather than go to the trouble of explaining
> that the query is out of line, users can be sent to the
> Personally Identifiable Information (PII) namespace.
> > 
> > http://purl.org/pii/terms/  There are 15
> terms/URL's, for the fastidious, but any one of them will
> make the point that the requested information is
> unavailable.  In addition, a 16th, http://purl.org/pii/terms/misc should be reserved for
> exactly the opposite message - that the referring page
> contains no PII.  That may be an adoptable standard,
> maybe not.  It might be handy for reinforcement of a
> stated privacy policy.  This is not so much about
> creating Standards as it is saving time and trouble on
> Requirements Documentation, which is to say I'll let Chris
> Beer handle the Internationalization :o)
> > 
> > --Gannon

Received on Tuesday, 8 March 2011 02:00:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:00:45 UTC