Presentation annotated by Gail Magnuson LLC with permission from www.peterfbrown.com
Using Information Technologies to Empower and Transform
This presentation supported by Gail Magnuson, President, Gail Magnuson LLC
Peter F Brown, Independent Consultant
The Privacy Management Reference Model and Methodology from OASIS:
Using the Privacy Management Reference Model and Methodology to Explore Do Not Track Design
Introduction to PMRM
IAPP Cleveland KnowledgeNet Presentation
Gail A Magnuson, CIPP/US, President, Gail Magnuson [email protected] 2012
© Peter F Brown, 2012 All Rights Reserved with annotations provided with permission by Gail Magnuson LLC
A Model and a Methodology
The model provides a common conceptual framework and vocabulary to help people cooperate across disciplines and organizational boundaries…
…and the methodology provides a common set of tasks to achieve a privacy architecture and privacy management analysis
The PMRM Model
The PMRM Methodology
The Methodology in Detail
Detailed Privacy Analysis
1. High-Level Privacy Analysis and Use Case
Scope: General Description of Services & Applications
Environment: Business Use Case Inventory
Applicable Requirements: Privacy Conformance Criteria
Impact Assessments: Privacy Assessment Preparation, Privacy Impact Assessments, Privacy Maturity Assessments, Compliance Reviews, Accountability Model Assessments
Application and Business Process Descriptions; Applicable Privacy Policies, Practices, Laws & Regulations
2. Detailed Privacy Use Case Analysis
Scope: High-Level Privacy Analysis, High-Level Use Case Description
Identify all the following: Domains, Systems, Roles & Responsibilities, Actors, Touch Points, Owners
2. US DNT & EU Cookie Touch Points & Data Flows
Diagram of systems and touch points: Browser(s) or DNT (System a), 1st Party Website, 3rd Party Websites, Big Data Vendor(s); Systems a through e are connected by Touch Points across which PI flows.
3. Identify PI and Privacy Controls
4. Services Supporting Privacy Controls
Privacy Controls are usually stated in the form of a policy declaration or requirement and not in a way that is immediately actionable or implementable.
Services provide the "bridge" between requirement and implementation by placing privacy constraints on the system-level actions that govern the flow of PI between touch points.
8 key PMRM Services identified in the initial work:
Agreement
Usage
Validation
Security
Certification
Enforcement
Interaction
Access
4. Map Privacy Controls to Services
Diagram: Incoming PI (with Inherited Privacy Controls), Internally Generated PI (with Internal Privacy Controls) and Outgoing PI (with Exported Privacy Controls) are each mapped to the PMRM Services Required. Service abbreviations used in the diagram: Ag = Agreement, U = Usage, V = Validation, S = Security, C = Certification, E = Enforcement, I = Interaction, Ac = Access.
4. Map Services to Systems
Diagram: for each system, the PMRM Services Used (service abbreviations as on the previous slide) are mapped to the Business Processes and Technical Mechanisms Required by System (labelled A through H), followed by a Risk Assessment.
The OASIS Privacy Management Reference Model and Methodology
Introduction to PMRM
► [email protected]
► www.peterfbrown.com
► PensivePeter.wordpress.com
► @PensivePeter
PMRM Draft Specification: http://docs.oasis-open.org/pmrm/PMRM/v1.0/csd01/PMRM-v1.0-csd01.doc
PMRM Committee Home Page: http://www.oasis-open.org/committees/pmrm
USA Today EU Cookie Law Overview with Chris Wolf Interview: http://content.usatoday.com/communities/technologylive/post/2011/09/europe-taking-much-stricter-stance-on-do-not-track-rules/1#.UFiEBrJlR5U