RE: The PII Namespace from Malcolm Crompton on 2011-03-08 (public-egov-ig@w3.org from March 2011)

From: Malcolm Crompton <mcrompton@iispartners.com>
Date: Wed, 9 Mar 2011 10:12:00 +1100
To: "'Gannon Dick'" <gannon_dick@yahoo.com>, <public-egov-ig@w3.org>
Message-ID: <02f501cbdde6$43ec3040$cbc490c0$@com>
Gannon - many thanks for the reply.  Glad to have the issue on the table.  I am in DC at present for meetings of the APEC Data Privacy Subgroup (last week), a workshop on Accountability (today, run by Marty & his Center for Information Policy Leadership) & the IAPP annual summit, www.privacyassociation.org/summit (for the rest of this week).  Which means it will be a while before I get to study your links - thanks for those, too.  I will put them in the review bank and return to them as soon as I can.

Regards

Malcolm Crompton

Managing Director
Information Integrity Solutions Pty Ltd
ABN 78 107 611 898

T:  +61 407 014 450

MCrompton@iispartners.com  
www.iispartners.com 




-----Original Message-----
From: public-egov-ig-request@w3.org [mailto:public-egov-ig-request@w3.org] On Behalf Of Gannon Dick
Sent: Wednesday, 9 March 2011 9:37 AM
To: public-egov-ig@w3.org
Subject: RE: The PII Namespace

Hi Malcolm,

Let me first say that I agree with you (and Mr. Abrams) completely.  I took your advice to heart (the link below).  I do not believe a comprehensive policy agreement on privacy between the Public Sector and Private Sector is attainable.  The temptation to paralysis by technical legal argument is too big.  The Public Sector does have a choice to leverage their well known and widely accepted motivations regardless of the additional concerns of the Private Sector.

Even in Open Source Software, there are legacy and redundant metadata terms. It is clear that any privacy regulation must be a bargain in Good Faith, but that in no way precludes unilateral implementation of a privacy policy by the Public Sector or the use of appropriate shortcuts, although they may only be circumstantially available to the Public Sector.

There is also a link on the page below which contains source code in a zip file.  I also includes "rustthesql.pdf" which explains how the PII Namespace might be used with SQL and data bases.  Some of the SQL is frankly, bad and should not be ROR'ed without a rewrite, but the idea itself is not so bad. 

--Gannon

[1]     http://tinyurl.com/5t5rlm7
Or, give your recipients confidence with a preview TinyURL:
    http://preview.tinyurl.com/5t5rlm7

(links to ...) http://www.rustprivacy.org/2011/pii/cnpii.xml




--- On Mon, 3/7/11, Malcolm Crompton <mcrompton@iispartners.com> wrote:

> From: Malcolm Crompton <mcrompton@iispartners.com>
> Subject: RE: The PII Namespace
> To: chris@e-beer.net.au, "'Gannon Dick'" <gannon_dick@yahoo.com>
> Cc: public-egov-ig@w3.org
> Date: Monday, March 7, 2011, 10:35 PM
> Just a note of caution here.  We
> are watching an increasingly sterile
> argument over what is and what is not PII, including
> because arbitragers
> want to target folk with 'behavioural advertising' by
> collecting lots of
> information about them that in law (but not concept) is not
> PII and hence
> avoid certain forms of regulation.  The FTC, among
> others, is on their case.
> 
> 
> See for example the article that is online at
> https://www.privacyassociation.org/publications/retroactive_zip_code_ruling_
> incites_flurry_of_class-actions/. 
> 
> In particular, note the very wise comment from Marty Abrams
> towards the end
> of the article.  The following three paras are an
> extract:
> 
> Martin Abrams, executive director of the Center for
> Information Policy
> Leadership at Hunton & Williams, says defining what
> constitutes personal
> information is the wrong approach.
> 
> There is no such thing as personal information vs.
> non-personal information
> anymore, not in a highly connected online world, Abrams
> said. Rather, there
> is information that is easily linkable to the individual,
> like a name and
> address together, or information that requires more work to
> link, like a zip
> code, Abrams said.
> 
> “The answer to this question is not to figure out what is
> technologically
> easy to link, because technology will increasingly make
> things easy to
> link,” Abrams said. “It’s about taking a different
> road based on a policy
> perspective. What do we promise never to link, and what are
> the sanctions
> around those promises?”
> 
> 
> Malcolm Crompton
> 
> Managing Director
> Information Integrity Solutions Pty Ltd
> ABN 78 107 611 898
> 
> T:  +61 407 014 450
> 
> MCrompton@iispartners.com 
> 
> www.iispartners.com 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: public-egov-ig-request@w3.org
> [mailto:public-egov-ig-request@w3.org]
> On Behalf Of Chris Beer
> Sent: Tuesday, 8 March 2011 10:30 AM
> To: Gannon Dick
> Cc: public-egov-ig@w3.org
> Subject: Re: The PII Namespace
> 
> Hi Gannon
> 
> You'll what now?? :)
> 
> I know PII has been discussed before, expecially in view of
> a 
> comparative implementation to FOAF.
> 
> Your point in this might be better explained if you could
> provide a 
> practical example - how could PII (or FOAF for that matter
> - both seek 
> to achieve the same thing) assist an agency in reinforcing
> a stated 
> privacy policy? Privacy is a bit of a big ticket eGov item
> for many 
> states/agencies world wide at the moment, so I for one
> would be curious 
> as to your thoughts there. :)
> 
> (Remember to keep it simple - it may have to be explained
> this to 
> "policy wonks".)
> 
> Chris
> 
> On 7/03/2011 11:28 AM, Gannon Dick wrote:
> > Site searches normally require a "bit bucket" of sorts
> when search results
> have some cyber-stalking overtones.  From a Commercial
> Perspective most
> Social Networking sites and Search Engines can push an
> extra page of ads, so
> the trouble of rewriting this page functionality is perhaps
> worthwhile.
> >
> > For Government and non-profit NGO's the situation is
> different.  There is
> no potential benefit to a sticky domain.  Rather than
> go to the trouble of
> explaining that the query is out of line, users can be sent
> to the
> Personally Identifiable Information (PII) namespace.
> >
> > http://purl.org/pii/terms/  There are 15
> terms/URL's, for the fastidious,
> but any one of them will make the point that the requested
> information is
> unavailable.  In addition, a 16th, http://purl.org/pii/terms/misc should be
> reserved for exactly the opposite message - that the
> referring page contains
> no PII.  That may be an adoptable standard, maybe
> not.  It might be handy
> for reinforcement of a stated privacy policy.  This is
> not so much about
> creating Standards as it is saving time and trouble on
> Requirements
> Documentation, which is to say I'll let Chris Beer handle
> the
> Internationalization :o)
> >
> > --Gannon
> 
> 
> 
>
Received on Tuesday, 8 March 2011 23:41:20 UTC