[gnso-rds-pdp-wg] a suggestion for "purpose in detail"

Gomes, Chuck cgomes at verisign.com
Tue Mar 28 17:53:27 UTC 2017 

Thanks Rod for reminding us of this.

Chuck

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Greg Aaron
Sent: Tuesday, March 28, 2017 12:49 PM
To: Rod Rasmussen <rrasmussen at infoblox.com>; gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"

+1, Chuck.



-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Rod Rasmussen
Sent: Tuesday, March 28, 2017 12:44 PM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"

Going back to the original question from Andrew. This ground is well-covered in the EWG report.  In particular, the framework is outlined in principles 25 & 26 of the report:

> 25:  Each data element must be associated with a set of permissible purposes.
>> An initial set of acceptable uses, permissible purposes, and data element needs are identified by this report (see Section III and Annex D).
>> Each permissible purpose must be associated with clearly-defined data element access and use policies.
>> As specified in Section III, an on-going review process must be defined to consider proposed new purposes and periodically update permissible purposes to reflect approved additions, mapping them to existing data elements.
>> A Policy Definition process must be defined to consider proposed new data elements and, when necessary, update defined data elements, mapping them to existing permissible purposes.
>
> 26: The list of minimum data elements to be collected, stored and disclosed must be based on known use cases (reflected in this document) and a risk assessment (to be completed prior to RDS implementation).
>


Annex D of the report then maps all the elements we identified to one or more purposes.  We dropped elements that had no legitimate purpose for collection/display.  Note that this mapping is in shorthand, so we probably need to expand upon this to satisfy DPA’s.

So, this work has largely been done, and I’d suggest we do a review of that work to see if it meets the needs of this group and work on fleshing out elements to purposes in order to satisfy DPA requirements.  It would save us a lot of time...

Cheers,

Rod
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list