Let me know if you want some navigational guidance on the very large spreadsheet.  It is useful once familiar, but vertigo-inducing on first glance.  


The actual content starts at row 5 which has the column headers.


Ignore the stuff about "Data stores" and the "social theory of identity" - those were specific columns tying the analysis to specific analytical paradigms.


Kind regards, 

Scott


Scott L. David

Director of Policy

Center for Information Assurance and Cybersecurity

Applied Physics Laboratory

University of Washington


w- 206-897-1466
m- 206-715-0859

Tw - @ScottLDavid




From: James Hazard <james.g.hazard@gmail.com>
Sent: Friday, January 15, 2016 11:40 AM
To: Scott L. David
Cc: Eve Maler; wg-uma@kantarainitiative.org WG
Subject: Re: [WG-UMA] Deriving UMA [Legal] from the law and one simple assumption
 
wow!

On Fri, Jan 15, 2016 at 8:37 PM, Scott L. David <sldavid@uw.edu> wrote:

Hi folks - sorry that I missed this morning's call. 


Following up on the thread below, the attachments might help in "mapping" various privacy laws to UMA via common accord.  The Excel spreadsheet parses the elements of 4 privacy torts, 38 US federal statutes and over a dozen FIPPs-based legal regimes based on correlations of "harms."  The Word document is a "key" that includes the full text of the FIPPs-based laws set forth in the FIPPs columns of the Excel document.  Please let me know if you would like a "tour" of the document.


To derive duties from the chart (for inclusion in the Common Accord framing), it is a matter of referencing the cited authority.  Note that many US federal "data security laws" and many FIPPs-based laws are already framed as "duties" instead of rights, making the task easier.


Please let me know if you would like to discuss further.


Scott L. David





From: wg-uma-bounces@kantarainitiative.org <wg-uma-bounces@kantarainitiative.org> on behalf of James Hazard <james.g.hazard@gmail.com>
Sent: Friday, January 15, 2016 11:01 AM
To: Eve Maler
Cc: wg-uma@kantarainitiative.org WG
Subject: Re: [WG-UMA] Deriving UMA [Legal] from the law and one simple assumption
 
Yes, one can reference legislation, in notes in the source text, in fixed "talk" files like on Wikipedia or freehand.  My sense is that it makes sense for the comments to reference the text rather than the text reference the comments.  Comments should change more often than the text and different people can have differing views, hence different comments.  The back-links are roughly available now via search on GitHub, but it is funky.  In future they should be available as queries in the app (grep) or in a graph.

From our conversation today, it seems it might be useful to map the requirements of the privacy laws Adrian mentions to an implementation in UMA.  The European part is here (sliced like fish) http://www.commonaccord.org/index.php?action=doc&file=Wx/eu/europa/europarl/2012-0011/Form/0.md, and I could do the US one. 

  




On Fri, Jan 15, 2016 at 7:21 PM, Eve Maler <eve@xmlgrrl.com> wrote:
Re accodification (sure that isn't the process of adding cod to a dish?), should we be thinking about referencing various legislative sources from our model text in parameterized fashion, if possible, as we make our clauses jurisdiction-specific?


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Fri, Jan 15, 2016 at 12:48 PM, James Hazard <james.g.hazard@gmail.com> wrote:
This is very interesting and I agree.  

I had accodified ( Eve ;) ) the European text so that one can rehash it and make deep links into it. E.g.:

My sense is that such requirements can drive adoption of good (even best) practices, for instance regarding retention and access:

Those requirements could be baked into agreements with users and governments, such as Appendix 2 to the "Model Clauses" (the tan-colored part near the end of the document):




 

On Thu, Jan 14, 2016 at 3:13 PM, Adrian Gropper <agropper@healthurl.com> wrote:
In the last month two very important regulatory guidance documents have been released by the EU and US governments respectively:
By adding to these regulations a single constraint - that an individual can own and specify the UMA Authorization Server if they choose to - I think we can derive a complete UMA Legal profile and associated clauses.

I've started analysis of the US reg at http://bit.ly/HEARTfromHIPAA I think a similar analysis could be interesting for the EU regs.

Adrian

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma




--
@commonaccord
