Nat,

I'm deeply involved in many standards and policy groups related to personal health information. Without exception, the groups are led and managed by corporate interests and representing the individual patient or licensed professional perspective is a difficult experience at best. I'm a volunteer and I typically pay my own way out of my pocket. Occasionally, I am able to leverage open source communities for actual code and testing. I say this mostly to point out that ISO standards are particularly inaccessible to community open source projects and the sovereign individual and professional interest. This makes ISO a particularly difficult place to work on privacy-related issues, as was noted in recent work of IDESG.

Adrian

On Thursday, May 5, 2016, Nat Sakimura <sakimura@gmail.com> wrote:
Adrian,
FYI, ISO started work on Notice and consent (ISO/IEC 29184). Perhaps you can make things better through it as well. I am the lead editor and your contribution is most welcome. You can do so either through your national body or Kantara.
Best,
On Fri, May 6, 2016 at 08:25 Adrian Gropper <agropper@healthurl.com> wrote:
IIW is an absolute joy in that respect. IAPP, to the extent that I understand it, seems like the opposite.
Adrian
On Thu, May 5, 2016 at 7:16 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;
The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can.
Sincerely,
John Wunderlich
@PrivacyCDN

Call: +1 (647) 669-4749
eMail: john@wunderlich.ca

On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com> wrote:
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
> +1 Robin
>
> And your list's order correctly, I think, captures the inverse
> relationship between operational privacy and privacy theatre.
>
> On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm>
> wrote:
>
>> +1
>>
>> Ian Glazer and I wrote about this in our Gartner days (so the
>> results are hidden behind the Gartner paywall, regrettably...).
>>
>> However, a similar discussion surfaced at the ethical data-handling
>> workshop I ran last Friday, and we distinguished between the following
>> layers:
>>
>> - Privacy policy statement ( = privacy notice, as defined here);
>>   the outward facing doc saying what you want customers to hear.
>> - Privacy policy: the internal statement of what the organisation
>>   thinks it should do
>> - Business process: the internal statement of what the organisation
>>   thinks it does
>> - Actual behaviour
>>
>> R
>>
>> On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
>>
>> Useful reading. I’ve written both privacy policies and those things
>> on web sites ‘called’ privacy policies. They are infrequently the same
>> thing. This piece captures the difference reasonably well.
>>
>> http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
>>
>> Sincerely,
>> John Wunderlich
>> @PrivacyCDN
>>
>> Call: +1 (647) 669-4749
>> eMail: john@wunderlich.ca
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> system manager. This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee
>> you should not disseminate, distribute or copy this e-mail. Please notify
>> the sender immediately by e-mail if you have received this e-mail by
>> mistake and delete this e-mail from your system. If you are not the
>> intended recipient you are notified that disclosing, copying, distributing
>> or taking any action in reliance on the contents of this information is
>> strictly prohibited.
>> *_______________________________________________*
>> WG-InfoSharing mailing list
>> WG-InfoSharing@kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>>
>> Robin Wilton
>> +44 (0)705 005 2931
>>
>
> --
> John Wunderlich
>
> Fat fingered from a mobile device
> Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--
Nat Sakimura
Chairman of the Board, OpenID Foundation
Trustee, Kantara Initiative