- From: Eric Stephan <ericphb@gmail.com>
- Date: Tue, 13 Jan 2015 06:35:16 -0800
- To: Public DWBP WG <public-dwbp-wg@w3.org>
- Message-ID: <CAMFz4jiiHrsALryri7KUL-YQfxNdLb6AnmuWv_VuyJhcNnjHuA@mail.gmail.com>
I need some guidance on the Data Sensitivity BP [1]. While I have been working on the introduction, many questions come to mind including our need to seek input from the W3C Privacy Interest Group [2] for best practice guidance. In retrospect it would have been nice to bring in the Privacy working group earlier. Unofficial documents are intriguing [3] but not official. Given the short time time to write up the best practice, I feel it is better to attempt a write up, seek input from the Privacy Working Group after the draft is released publicly, and revise accordingly. Here is the intro text so far... Sensitive data is any designated data or metadata that is used in limited ways and/or intended for limited audiences. Sensitive data may include personal data, corporate, or government data and mishandling of published sensitive data may lead to damages to individuals or organizations. To support best practices for publishing sensitive data, data publishers must: identify all sensitive data, assess the exposure risk, determine the intended usage, data user audience and any related usage policies, obtain appropriate approval, and determine the appropriate measures needed to taken to protect the data. Thoughts? [1] http://w3c.github.io/dwbp/usecasesv1.html#R-SensitivePrivacy [2] http://www.w3.org/2011/07/privacy-ig-charter [3] http://yrlesru.github.io/SPA/
Received on Tuesday, 13 January 2015 14:35:44 UTC