Re: Privacy Questionnaire

Thanks, Kepeng!  Feel free to add this to the wiki... greg/me/CDT
don't want it to feel like we "own" that, and others should feel free
to change it (as long as you have a w3c login).

I do think "classification" is a bit general... there are other parts
of the questionnaire that talk about "handling personal data" (my
words). So is this question specifically about creating data that
might be personal? For example for WebRTC, it generates a bunch of
audio/video data, and depending on what the camera is pointed at, some
of that could be quite personal.

best, Joe

On Wed, Jul 29, 2015 at 9:14 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:
> Hello all,
>
>>Link to the PING working document:
> https://www.w3.org/wiki/Privacy_and_security_questionnaire
>
>
> I propose to add another privacy question:
>
> X Will this specification generate data? What is the classification of the
> generated
> data and how to deal with that?
>
> Explanation:
> Understanding the classification of the generated data is important to
> determine the
> processing methods. One way to minimize the privacy impact is to minimize
> the
> collection of personal information in the first place and to limit the
> retention of that data for further processing. To protect the privacy data,
> some methods can be adopted, e.g. de-identification, anonymous, encryption.
>
> Example: There are a number of classification schemes
> that can be used to achieve this process step, but in general we should
> determine: why the data is collected, what is the primary purpose for the
> processing, where it is being transferred or stored and how long it is
> being
> retained. In addition, the anonymity characteristic or the degree that the
> individual associated with the personal data can be identified, linked to,
> or
> named through observing the network traffic containing the data, needs to
> be
> classified (that is, the personal data, in fact, personally identifiable
> information or PII). Personal data is classified as identified,
> identifiable
> and non-identifiable. In addition, a classification of sensitive
> identifiable
> should be considered.
>
>
> Thanks,
>
> Kind Regards
> Kepeng
>
>>
>>> Begin forwarded message:
>>>
>>> From: Christine Runnegar <runnegar@isoc.org>
>>> Subject: Fwd: Save the date - PING at IETF - Thursday 23 July
>>> Date: 15 July 2015 9:57:12 am GMT+2
>>> To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
>>> Resent-From: <public-privacy@w3.org>
>>>
>>> PING and friends,
>>>
>>> We will be meeting in the Rokoska room between 11:30 and 13:00 on
>>>Thursday 23 July 2015.
>>>
>>> Anyone with an interest in privacy is welcome. Bring your friends!
>>>
>>> Please let us know (off list) if you plan to attend.
>>>
>>> The main topic will be the draft TAG privacy and security questionnaire:
>>>
>>> https://w3ctag.github.io/security-questionnaire/
>>>
>>> Link to the PING working document:
>>>
>>> https://www.w3.org/wiki/Privacy_and_security_questionnaire
>>>
>>> Useful background reading:
>>>
>>> DRAFT - Fingerprinting guidance -
>>>https://w3c.github.io/fingerprinting-guidance/
>>> DRAFT - Privacy considerations -
>>>https://w3c.github.io/privacy-considerations/
>>> DRAFT - Specification Privacy Assessment - http://yrlesru.github.io/SPA/
>>>
>>> Please note that this will be a “bring your own lunch” meeting
>>>
>>> Christine and Tara
>>>
>>>> Begin forwarded message:
>>>>
>>>> From: Christine Runnegar <runnegar@isoc.org>
>>>> Subject: Save the date - PING at IETF - Thursday 23 July
>>>> Date: 10 June 2015 7:59:29 am GMT+2
>>>> To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
>>>> Resent-From: <public-privacy@w3.org>
>>>>
>>>> Hi all,
>>>>
>>>> We will be again organising an informal PING and friends get-together
>>>>alongside IETF.
>>>>
>>>> Please join us on Thursday 23 July 2015 during the lunch break.
>>>>
>>>> (Precise meeting time and location to be advised)
>>>>
>>>> Christine and Tara
>>>
>>
>
>
>



-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Received on Thursday, 30 July 2015 20:35:12 UTC