W3C home > Mailing lists > Public > public-dpvcg@w3.org > February 2019

DPVCG personal data categories from EnterPrivacy

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Sun, 17 Feb 2019 00:57:11 +0530
To: public-dpvcg <public-dpvcg@w3.org>
Message-ID: <2f425846-2980-8d46-2dfa-e3db71f083c1@harshp.com>
Hi Fajar, Everyone.

See the email below, where the creator of the EnterPrivacy data 
categories has shared (attached) the spreadsheet containing the terms 
and definitions.
I've updated the terms and definitions in the ontology on Github, where 
each term has a label and attribution (rdfs:isDefinedBy) and definition 
where possible. The spreadsheet has also been put in the Github repo.

Moving forward, I want to do a few things, and would like to know what 
you think about them.

1) singular vs plural: I was confused if we should keep the terms in 
their plural form or singular form - I prefer the singular from a purely 
philosophical point of view e.g. an ontology about animals will have a 
class called Cat and not Cats. The source (PDF) contains terms in the 
plural because I think this is how we refer to them in daily life.

2) clean up terms: some of the terms can be confusing on their own 
without an achor to the context e.g. Account by itself is vague, but if 
we see the hierarchy, it is under Finance. So I renamed it to 
FinanceAccount. I think we need to go through each terms and clean them 
similarly.

3) Relationships between terms: this is tricky, and there are several 
different types of relationships here. One type is part-of, such as 
Account and Account Number, another is source, such as IPAddress and 
Location. We need to identify such relationships, and also find a way to 
represent them in the ontology. We can create a separate ontology for 
these, and keep the current one only as a taxonomy or a thesauri.

Best,
Harsh

P.S. Thanks to Mark for the connection and speeding this up, and thanks 
to Jason for providing the data in a spreadsheet.


-------- Forwarded Message --------
Subject: 	Re: [subject] Categories of
Date: 	Fri, 15 Feb 2019 10:32:11 -0500
From: 	R. Jason Cronk <rjc@privacymaverick.com>
To: 	Mark Lizar <mark@openconsent.com>
CC: 	Harshvardhan J. Pandit <harshvardhan.pandit@adaptcentre.ie>



Mark and Harsh,

Please see attached. Hopefully this meets your needs. It looks like I'm 
a member of the group now. I'll have to read through available 
documentation to see what else the group is working on.

I do want say I have several other categories/taxonomies I use that may 
be beneficial, including

Dan Soloves' Taxonomy of Privacy
Jaap-Henk Hoepman's  Control Strategies and Tactics
FAIR based Privacy Risk Analysis
and a few others of my own design

Jason

.*.*.*.*.................................................................
R. Jason Cronk                  | Juris Doctor
Privacy and Trust Consultant    | IAPP FIP, CIPT, CIPM, CIPP/US, PbD 
Ambassador
*Enterprivacy Consulting Group <http://www.enterprivacy.com/>*    | 
Author ofStrategic Privacy by Design 
<https://iapp.org/store/books/a191a00000345yDAAQ/>
/Privacy notices made simple: https://simpleprivacynotice.com 
<https://simpleprivacynotice.com/>
/....................................................................

*Upcoming Training**
*Privacy by Design Professional:Cyprus (April 
<https://enterprivacy.com/cyprus-training/>), Belarus - English/Russian 
(July)
Online (coming soon):https://privacybydesign.training 
<https://privacybydesign.training/>



      ----- Original Message -----
      From:
      "Mark Lizar" <mark@openconsent.com>

      To:
      "R. Jason Cronk" <rjc@privacymaverick.com>
      Cc:
      "Harshvardhan J. Pandit" <harshvardhan.pandit@adaptcentre.ie>
      Sent:
      Tue, 12 Feb 2019 17:02:19 +0000
      Subject:
      Re: [subject] Categories of


      Thanks Jason,

      This is great !  I am cc’ing Harsh as he is managing the details.
        If you could provide an attribution license to the W3C DPVC CG,
        then this would enable them to use this as a starting point.

      If you could also provide the latest spreadsheet along with the
      license, then we could use this as the starting point.    These
      materials would then end up on the W3C wiki and we can iterate and
      discuss it from there.

      As for the application to join the group, it was a bit tricky for
      me, I think its pretty automated now.  If you have any issues
      joining let me or better yet Harsh know and we can help.

      - Mark


          On 12 Feb 2019, at 16:43, R. Jason Cronk
          <rjc@privacymaverick.com <mailto:rjc@privacymaverick.com>> wrote:

          Mark,

          Thanks for reaching back out to me. Unfortunately, given that
          I'm not in academia, there is no paper around this only my
          infographics. You can find the latest version at
          https://iapp.org/resources/article/categories-of-personal-data/

          Happy to offer an attribution only license.

          Jason

          P.S. I submitted a request to join though don't know how
          actively I can participate.

  .*.*.*.*.................................................................
          R. Jason Cronk                  | Juris Doctor
          Privacy and Trust Consultant    | IAPP FIP, CIPT, CIPM, 
CIPP/US, PbD Ambassador
          *Enterprivacy Consulting Group <http://www.enterprivacy.com/>* 
     | Author ofStrategic Privacy by Design 
<https://iapp.org/store/books/a191a00000345yDAAQ/>
          /Privacy notices made simple: https://simpleprivacynotice.com
          <https://simpleprivacynotice.com/>
  /....................................................................

          *Upcoming Training**
          *Privacy by Design Professional:Cyprus (April 
<https://enterprivacy.com/cyprus-training/>),
          Belarus - English/Russian (July)
          Online (coming soon):https://privacybydesign.training 
<https://privacybydesign.training/>



              ----- Original Message -----
              From:
              "Mark Lizar" <mark@openconsent.com
              <mailto:mark@openconsent.com>>

              To:
              "R. Jason Cronk" <rjc@privacymaverick.com
              <mailto:rjc@privacymaverick.com>>
              Cc:
              "Harshvardhan J. Pandit" <harshvardhan.pandit@adaptcentre.ie
              <mailto:harshvardhan.pandit@adaptcentre.ie>>
              Sent:
              Tue, 12 Feb 2019 14:07:10 +0000
              Subject:
              Re: [subject] Categories of


              Greeting Jason,

              Its been a little while since I was in touch.   I hope you
              are doing well. I wanted to let you know that I have
              submitted these categories to the W3C group -Data Privacy
              Vocabulary and Controls WG, as the Kantara Initiative was
              not standardising semantics.

              This W3C Group has asked me to reach out to you and invite
              you to participate and to see if there is a) a paper that
              supports these categories b) if there has been any
              progression in this work.

              Here is a link to the CG
              https://www.w3.org/community/dpvcg/,  for more information
              you can ask me or Harsh (cc’d).

              Best Regards,

              Mark

                  On 15 Aug 2017, at 20:10, R. Jason Cronk
                  <rjc@privacymaverick.com
                  <mailto:rjc@privacymaverick.com>> wrote:

                  Mark,
                  Attached is the spreadsheet with the Categories of
                  Personal Information as I distributed on my infographic,
                  along with definitions and examples. Thank you for the
                  invite to participate. I will look into joining the
                  group, though my time is stretched thin at the moment,
                  so I'm not sure how much I can contribute.
                  Jason
                  --

                  R. Jason Cronk, JD
                  IAPP Fellow of Information Privacy
                  CIPM, CIPT, CIPP/US, PbD Ambassador
                  *Privacy and Trust Consultant*
                  Enterprivacy Consulting Group 
<http://www.enterprivacy.com/>

                  [Upcoming Advanced Privacy by Design Workshops in
                  October:Atlanta
 
<https://www.eventbrite.com/e/advanced-privacy-by-design-workshop-atlanta-ga-oct-2017-tickets-35888070184>]

                  On 2017-08-15 13:30, Mark Lizar wrote:

                      Hi Jason,

                      (I am ccing this to the CISWG mailing list).

                        Apologies for the delayed response, specification
                      work can move quite
                      slowly.

                      I very much appreciate the re-use of the PI
                      Categories and the offer
                      to provide these in different formats, a spreadsheet
                      would be most
                      helpful for Consent Receipt specification work.

                      We are discussing the use of these PI categories for
                      reference in the
                      work we are working on now.   Our intent is to use
                      these for PI
                      Categories as defined in ISO 29100 and not PII.  The
                      proposed use of
                      these PI Categories are currently being discussed
                      for use in purpose
                      specification for the creation of  consent receipts
                      and PII.  In this
                      regard,  I can confirm we will not represent these
                      categories as PII
                      categories.

                      Lastly, we would like to invite you to the Kantara
                      CISWG workgroup so
                      you can see how we put this great work to use :-)
                        More information
                      about jointing can be found at
  https://kantarainitiative.org/confluence/display/infosharing/Home[3
  <https://kantarainitiative.org/confluence/display/infosharing/Home>]
                      where there is a link to join both the WG and the
                      mailing list.

                      Kind Regards,

                      Mark

                          On 30 May 2017, at 11:25, R. Jason Cronk
                          <rjc@privacymaverick.com
                          <mailto:rjc@privacymaverick.com>>
                          wrote:

                          Hi Mark,

                          Feel free to use this PDF in it's original form
                          in any forum. As for
                          additional uses, please let me know if you'd
                          like a file with the
                          text of the categories and description so you
                          can  use it in
                          different formats. My only ask is that you use
                          the term "Personal
                          Information" rather than PII in reference to
                          this categorization. I
                          find the term PII has contextual limitations
                          because much of
                          personal information, which may be personal to
                          me, is not
                          identifying, i.e. my favorite color. Thus, in
                          discussions, using
                          "PII" immediately constrains the audience to a
                          limited set of
                          personal information.

                          Also, I'm not sure what you mean by complete
                          reference is your
                          request below. Please clarify.

                          --
                          R. Jason Cronk, JD
                          IAPP Fellow of Information Privacy
                          CIPM, CIPT, CIPP/US, PbD Ambassador
                          PRIVACY AND TRUST CONSULTANT
                          Enterprivacy Consulting Group [2
                          <http://www.enterprivacy.com/>]

                          On 2017-05-29 05:22, WordPress wrote:

                              From: Mark <mark@openconsent.com
                              <mailto:mark@openconsent.com>>

                              Message Body:
                              Like your categories of personal information..

                              We would like to use and reference it for
                              developing our PII
                              categories for an effort Called the Consent
                              Receipt at the Kantara
                              Initiative.

                              Could you please provide us with a complete
                              reference for this and
                              perhaps even some formal permission to use 
it ?

                              Kind Regards,

                              Mark

                              --
                              This e-mail was sent from a contact form on
                              Enterprivacy
                              Consulting
                              Group (http://enterprivacy.com
                              <http://enterprivacy.com/>[1
                              <http://enterprivacy.com/>])




                      Links:
                      ------
                      [1]http://enterprivacy.com/
                      [2]http://www.enterprivacy.com/
  [3]https://kantarainitiative.org/confluence/display/infosharing/Home


                  <information categories.ods>


          <Untitled.png>




Received on Saturday, 16 February 2019 19:27:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:37:55 UTC