
Re: The PII Namespace

From: Gannon Dick <gannon_dick@yahoo.com>
Date: Mon, 14 Mar 2011 17:01:40 -0700 (PDT)
Message-ID: <677467.45816.qm@web112603.mail.gq1.yahoo.com>
To: "public-egov-ig@w3.org" <public-egov-ig@w3.org>

Hi Chris,

On a related note, a link to the PII Namespace as I suggested for the pii:misc term (meaning that there is no PII in the document) would enable a large number of documents to be collated very quickly so that statistical sampling could be done rather than an individual examination of each.  This could potentially save a great deal of time for Freedom of Information (FOIA) requests.  Preliminary indications about a performance report on this subject due out today did not seem rosy.

1. This is a special case, since it involves the Business Documents of Government.
2. Ordinarily, I would think carefully about putting metadata in the Head or Body of a document.  Searches of the Head (with GRDDL) yield different results than Full Text searches of the Body.  In this case, the indicator is a link and it matters not where you may find it.
3. Sampling Protocols are powerful tools, but not without hazards.  The biggest hazard may be the high priced help.  High level Strategic Planning takes years of training and experience, but everyone who works in an office knows the operation of the coffee pot is best left to the experts.  Random Sampling Protocols have to be ruthlessly applied.
4. It is important that those with ultimate responsibility believe the results.  It is best to prove the results in detail, at least once.
5. Likewise important is that those with ultimate responsibility know exactly what a failure looks like.  It is very easy to mistake a "Confidence Level" for a fundamental lack of confidence.

--Gannon

--- On Mon, 3/7/11, Gannon Dick <gannon_dick@yahoo.com> wrote:

> From: Gannon Dick <gannon_dick@yahoo.com>
> Subject: Re: The PII Namespace
> To: "public-egov-ig@w3.org" <public-egov-ig@w3.org>
> Date: Monday, March 7, 2011, 8:00 PM
> Hi Chris,
> 
> With respect to your question about how PII might help an
> agency reinforce a stated privacy policy ...
> 
> I assume that an Agency of Government doing business with
> the Public has an absolutely ferocious firewall
> interface.  I'm not talking about a data breach. 
> But an Agency is also a functioning office with employees,
> homes, families, etc. just as if Civil Servants were real
> people ;o)  It may or may not be a problem in real
> life, but I can imagine a situation where a search might
> have access to Citizen's records and also (to lessen
> redundancy) considerably more detailed information about
> Agency Employees.  This would be very easy to miss in
> QA testing, and especially if you bought a package from a
> third party. The breach is generally from an SQL Injection
> Attack.  Hard to fight but easy to slow - send the
> attacker away from your domain and make them start
> over.  I think PII would be better than FOAF (no use
> telling someone where to look), but the lesson in either
> case is that user friendliness for legitimate users is
> sufficient for the goal.
> 
> With respect to Internationalization, I'm American and
> realize that the 200+ "Subjects" which go along with the 15
> terms contain many Americanisms.  If someone is serious
> about translation, I can make those lists available.  I
> did do a mini-survey of "user profiles" in several Mail
> Clients and Office Suites since the information in profiles
> is added automatically on reformat or transmission.  By
> now everyone knows about browser cookies, but this source of
> personal information disclosure has been largely neglected.
> 
> Sorry it's long, is it clear ?
> 
> BTW, six years ago I offered this to the US Government (the
> Customs/Security folks).  They don't (understandably)
> take donations, which might cause Patent Problems (I do have
> a Copyright, I'd have to look it up).  So I wrote a 30
> page proposal and put a price tag of exactly twice the
> yearly petty cash amount billable over two years. 
> AFAICT, they are still in the same Circle of Hell I put them
> in when they failed to read the proposal they insisted
> upon.  I did hear from some Consultants on the sly who
> said they rather enjoyed billing for bit bucket service just
> as often as possible :o)
> 
> --Gannon 
> 
> --- On Mon, 3/7/11, Chris Beer <chris@e-beer.net.au> wrote:
> 
> > From: Chris Beer <chris@e-beer.net.au>
> > Subject: Re: The PII Namespace
> > To: "Gannon Dick" <gannon_dick@yahoo.com>
> > Cc: "public-egov-ig@w3.org" <public-egov-ig@w3.org>
> > Date: Monday, March 7, 2011, 5:29 PM
> > Hi Gannon
> > 
> > You'll what now?? :)
> > 
> > I know PII has been discussed before, especially in view of
> > a comparative implementation to FOAF.
> > 
> > Your point in this might be better explained if you could
> > provide a practical example - how could PII (or FOAF for
> > that matter - both seek to achieve the same thing) assist an
> > agency in reinforcing a stated privacy policy? Privacy is a
> > bit of a big ticket eGov item for many states/agencies world
> > wide at the moment, so I for one would be curious as to your
> > thoughts there. :)
> > 
> > (Remember to keep it simple - it may have to be explained
> > to "policy wonks".)
> > 
> > Chris
> > 
> > On 7/03/2011 11:28 AM, Gannon Dick wrote:
> > > Site searches normally require a "bit bucket" of sorts
> > > when search results have some cyber-stalking
> > > overtones.  From a Commercial Perspective most Social
> > > Networking sites and Search Engines can push an extra page
> > > of ads, so the trouble of rewriting this page functionality
> > > is perhaps worthwhile.
> > > 
> > > For Government and non-profit NGO's the situation is
> > > different.  There is no potential benefit to a sticky
> > > domain.  Rather than go to the trouble of explaining
> > > that the query is out of line, users can be sent to the
> > > Personally Identifiable Information (PII) namespace.
> > > 
> > > http://purl.org/pii/terms/  There are 15
> > > terms/URL's, for the fastidious, but any one of them will
> > > make the point that the requested information is
> > > unavailable.  In addition, a 16th,
> > > http://purl.org/pii/terms/misc should be reserved for
> > > exactly the opposite message - that the referring page
> > > contains no PII.  That may be an adoptable standard,
> > > maybe not.  It might be handy for reinforcement of a
> > > stated privacy policy.  This is not so much about
> > > creating Standards as it is saving time and trouble on
> > > Requirements Documentation, which is to say I'll let Chris
> > > Beer handle the Internationalization :o)
> > > 
> > > --Gannon
> > 
> > 
> 
> 
> 
> 


      
Received on Tuesday, 15 March 2011 00:02:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 15 March 2011 00:03:00 GMT
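
Added example, not part of the thread or of any poster's code: one way to collate documents by the pii:misc link described in the 14 March message and then draw a reproducible random sample for review. The file names, sample HTML and function names are constructed for illustration; treating only an href on a <link> or <a> element as the declaration, and sampling the declared set for audit, are assumptions.

```python
import random
from html.parser import HTMLParser

PII_MISC = "http://purl.org/pii/terms/misc"  # term URL quoted in the thread


class LinkCollector(HTMLParser):
    """Collect href targets of <link> and <a>, in head or body alike."""

    def __init__(self):
        super().__init__()
        self.hrefs = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("link", "a"):
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.add(value.strip())


def declares_no_pii(html_text):
    """True if the document links to pii:misc anywhere as a real link."""
    parser = LinkCollector()
    parser.feed(html_text)
    parser.close()
    return PII_MISC in parser.hrefs


def partition(docs):
    """Split {name: html} into (declared no PII, needs individual review)."""
    flagged = sorted(n for n, text in docs.items() if declares_no_pii(text))
    unflagged = sorted(n for n in docs if n not in flagged)
    return flagged, unflagged


def audit_sample(flagged, k, seed):
    """Draw k declared documents for manual checking; seed makes it repeatable."""
    rng = random.Random(seed)
    return sorted(rng.sample(flagged, min(k, len(flagged))))


# Constructed sample documents (assumption: not real agency records).
DOCS = {
    "memo-001.html": '<html><head><link rel="meta" href="%s"></head>'
                     "<body>Budget memo</body></html>" % PII_MISC,
    "memo-002.html": "<html><body><p>Minutes</p>"
                     '<a href="%s">no PII</a></body></html>' % PII_MISC,
    "memo-003.html": "<html><body>Staff roster, no declaration</body></html>",
    "memo-004.html": "<html><body>Mentions %s as text only</body></html>" % PII_MISC,
}

if __name__ == "__main__":
    declared, review = partition(DOCS)
    print("declared no PII:", declared)
    print("individual review:", review)
    print("audit sample:", audit_sample(declared, 1, seed=2011))
```

A document that only mentions the URL in running text (memo-004) stays in the individual-review pile, since the indicator is the link itself.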