W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2015

Re: new security/privacy review questions

From: Greg Norcie <gnorcie@cdt.org>
Date: Tue, 14 Jul 2015 16:52:57 -0400
Message-ID: <CAMJgV7bGHvCJT5QVJHhOoM4hX4c3=JWa5Yd5iOrdpNWW1YeBQQ@mail.gmail.com>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hi all,

To make editing more democratic,  I took the questions and put them on the
PING wiki to allow for easier editing:

https://www.w3.org/wiki/Privacy_and_security_questionnaire

Now it should be much easier for everyone to make changes to the document,
but we avoid some of the issues present with say, a Google Docs. (It's
nontrivial to both allow those w/o Google accounts to edit and prevent
vandalism)

-Greg

On Wed, Jul 8, 2015 at 11:32 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:

> I should say that we have no interest in holding the pen here... I
> asked Greg to send a PDF just because I didn't want people to have to
> necessarily have a Google account to view the Doc. However, it sounds
> like that's inaccurate (anonymous users can edit Google docs).
>
> We'd be happy to throw this up in a Doc... we'd need to be careful
> about defacement since we can't control access to PING members, but
> happy to do it.
>
> best, Joe
>
> On Tue, Jul 7, 2015 at 2:28 PM, Greg Norcie <gnorcie@cdt.org> wrote:
> > Hi all,
> >
> > So I spoke with Joe - he will definitely be in Prague, however we both
> agree
> > it'd be ideal to keep as much of the discussion on list as possible, so
> > those who won't be present can give feedback. (The IETF meeting can
> focus on
> > discussing any remaining sticking points / high level issues that need
> > debate).
> >
> > I went through the questions and edited them to try to be more
> respectful of
> > international norms, using language like "personally derived information"
> > rather than "personally identifiable" information
> >
> > I also fleshed out the sections where an explanation and/or example was
> > lacking.
> >
> > (The goal is that each section have an explanation of the question as
> well
> > as a real world example - some questions seem pretty self explanatory but
> > I'd rather be a little redundan rather than start to make subjectives
> > judgement on what questions are "self explanatory")
> >
> > On Sat, Jul 4, 2015 at 8:11 AM, Ambarish S Natu <ambarish.natu@gmail.com
> >
> > wrote:
> >>
> >> If i try to summarize Privacy as a state free from observation and
> >> Security as a state free from danger, what will ensure that an
> individual be
> >> free from any observation be it PII or PDI or something else, i have no
> >> particular preference.
> >>
> >> Ambarish
> >>
> >>
> >> On Saturday, 4 July 2015, Craig Spiezle <craigs@otalliance.org> wrote:
> >>>
> >>> +1. Agree with David
> >>>
> >>> Sent from my iPhone
> >>>
> >>> > On Jul 3, 2015, at 4:21 PM, David Singer <singer@apple.com> wrote:
> >>> >
> >>> >
> >>> >> On Jul 3, 2015, at 4:28 , Christine Runnegar <runnegar@isoc.org>
> >>> >> wrote:
> >>> >>
> >>> >> Yes, welcome Tiffany, and thank you for sharing your views.
> >>> >>
> >>> >> Indeed, the scope of privacy and data protection laws (i.e. the
> >>> >> definition of “personal data/personal information”) varies
> depending on the
> >>> >> jurisdiction.
> >>> >>
> >>> >> A common, but not universal definition is:
> >>> >>
> >>> >> “any information [relating to/about] an identified or identifiable
> >>> >> individual”
> >>> >>
> >>> >> (found, for example, in the OECD Privacy Guidelines, Council of
> Europe
> >>> >> Convention 108 and APEC Privacy Framework)
> >>> >>
> >>> >> My personal preference is not to use “PII”, but rather, “personal
> >>> >> data” or “personal information”, as needed.
> >>> >
> >>> > yes.  I am quite fond of ‘personally derived information’ i.e.
> >>> > information that derives from the actions of a single person.
> >>> >
> >>> >
> >>> > David Singer
> >>> > Manager, Software Standards, Apple Inc.
> >>> >
> >>> >
> >>>
> >>
> >>
> >> --
> >> अंबरीष श्रिकृष्ण नातू
> >>
> >>
> >> Sent from Gmail Mobile
> >
> >
> >
> >
> > --
> > /***********************************/
> > Greg Norcie (norcie@cdt.org)
> > Staff Technologist
> > Center for Democracy & Technology
> > 1634 Eye St NW Suite 1100
> > Washington DC 20006
> > (p) 202-637-9800
> > PGP: http://norcie.com/pgp.txt
> >
> > Fingerprint:
> > 73DF-6710-520F-83FE-03B5
> > 8407-2D0E-ABC3-E1AE-21F1
> >
> > /***********************************/
>
>
>
> --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>



-- 
/***********************************/

*Greg Norcie (norcie@cdt.org <norcie@cdt.org>)*

*Staff Technologist*
*Center for Democracy & Technology*
1634 Eye St NW Suite 1100
Washington DC 20006
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt

Fingerprint:
73DF-6710-520F-83FE-03B5
8407-2D0E-ABC3-E1AE-21F1

/***********************************/
Received on Tuesday, 14 July 2015 20:53:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 14 July 2015 20:53:27 UTC