Data Sensitivity BP and first draft...

I need some guidance on the Data Sensitivity BP [1].  While I have been
working on the introduction, many questions come to mind including our need
to seek input from the W3C Privacy Interest Group [2] for best practice
guidance.

In retrospect it would have been nice to bring in the Privacy working group
earlier. Unofficial documents are intriguing [3] but not official.

Given the short time time to write up the best practice, I feel it is
better to attempt a write up, seek input from the Privacy Working Group
after the draft is released publicly, and revise accordingly.

Here is the intro text so far...

Sensitive data is any designated data or metadata that is used in limited
ways and/or intended for limited audiences. Sensitive data may include
personal data, corporate, or government data and mishandling of published
sensitive data may lead to damages to individuals or organizations.  To
support best practices for publishing sensitive data, data publishers must:
identify all sensitive data, assess the exposure risk, determine the
intended usage, data user audience and any related usage policies, obtain
appropriate approval, and determine the appropriate measures needed to
taken to protect the data.


Thoughts?

[1] http://w3c.github.io/dwbp/usecasesv1.html#R-SensitivePrivacy
[2] http://www.w3.org/2011/07/privacy-ig-charter
[3] http://yrlesru.github.io/SPA/

Received on Tuesday, 13 January 2015 14:35:44 UTC