Hey John,

Thanks for pointing this out. It's a spectacular example of why we should not confuse security and privacy. What sounds "reasonable" for security (per the article) is gibberish for privacy. Privacy, as NIST very nicely explains, is different from security in that the system is behaving as designed. The sale or misuse of data is intentional and hidden, sometimes at additional cost, by the entity. (This is also why I think the construct "Privacy by Design" does more harm than good.)

So, as John says, it's important for us to be mindful of "best efforts" and be very clear when diluting the responsibility of the entity with respect to privacy.

Adrian


On Sun, May 14, 2017 at 3:03 PM John Wunderlich <john@wunderlich.ca> wrote:
In UMA legal and the Information Sharing workgroups, it will be important to be mindful of 'best practices' vs 'reasonable efforts'.

http://www.dataprotectionreport.com/2017/05/do-promises-to-use-best-efforts-to-protect-data-really-require-unreasonable-action/


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.