Re: [WG-UMA] Privacy policy or privacy notice: what's the difference? | CIO
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:
+1
Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).
However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:
- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour
R
On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.
http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
_______________________________________________
WG-InfoSharing mailing list WG-InfoSharing@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-infosharing
Robin Wilton +44 (0)705 005 2931
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:
+1
Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).
However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:
- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour
R
On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.
http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
Robin Wilton +44 (0)705 005 2931
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:
+1
Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).
However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:
- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour
R
On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.
http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
Robin Wilton +44 (0)705 005 2931
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:
+1
Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).
However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:
- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour
R
On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.
http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
Robin Wilton +44 (0)705 005 2931
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
Adrian;
The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can.
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com> wrote:
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:
+1
Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).
However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:
- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour
R
On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.
http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
Robin Wilton +44 (0)705 005 2931
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
IIW is an absolute joy in that respect. IAPP, to the extent that I understand it, seems like the opposite.
Adrian
On Thu, May 5, 2016 at 7:16 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;
The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can.
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com> wrote:
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:
+1
Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).
However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:
- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour
R
On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:
Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.
http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
Robin Wilton +44 (0)705 005 2931
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
Adrian,
FYI, ISO started a work on Notice and consent. (ISO/IEC 29184). Perhaps you can make things better through it as well. I am the lead editor and your contribution is most welcome. You can do so either through your national body or Kantara.
Best,
On Fri, May 6, 2016 at 08:25 Adrian Gropper <agropper@healthurl.com> wrote:
IIW is an absolute joy in that respect. IAPP, to the extent that I understand it, seems like the opposite.
Adrian
On Thu, May 5, 2016 at 7:16 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;
The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can.
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com> wrote:
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
+1 Robin
And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.
-- Nat Sakimura Chairman of the Board, OpenID Foundation Trustee, Kantara Initiative
Nat,
I'm deeply involved in many standards and policy groups related to personal health information. Without exception, the groups are led and managed by corporate interests and representing the individual patient or licensed professional perspective is a difficult experience at best. I'm a volunteer and I typically pay my own way out of my pocket. Occasionally, I am able to leverage open source communities for actual code and testing.
I say this mostly to point out that ISO standards are particularly inaccessible to community open source projects and the sovereign individual and professional interest. This makes ISO a particularly difficult place to work on privacy-related issues, as was noted in recent work of IDESG.
Adrian
On Thursday, May 5, 2016, Nat Sakimura <sakimura@gmail.com> wrote:
Adrian,
FYI, ISO started a work on Notice and consent. (ISO/IEC 29184). Perhaps you can make things better through it as well. I am the lead editor and your contribution is most welcome. You can do so either through your national body or Kantara.
Best,
-- Nat Sakimura Chairman of the Board, OpenID Foundation Trustee, Kantara Initiative
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
Adrian,
What's interesting about SC27/WG5 is that there are many people from privacy regulators who typically stand on the side of individuals. They often are the loudest voice in the room. So, I do not find the group being led and managed by the corporate interest.
Right. The discussions are not fully open but that has its merits, and if one is interested, he can get in through various channels. End result is typically not free[1], but it is not prohibitive for a group of people either.
[1] e.g. ISO/IEC 29100 Privacy Framework is available free of charge.
On Fri, May 6, 2016 at 21:03 Adrian Gropper <agropper@healthurl.com> wrote:
Nat,
I'm deeply involved in many standards and policy groups related to personal health information. Without exception, the groups are led and managed by corporate interests and representing the individual patient or licensed professional perspective is a difficult experience at best. I'm a volunteer and I typically pay my own way out of my pocket. Occasionally, I am able to leverage open source communities for actual code and testing.
I say this mostly to point out that ISO standards are particularly inaccessible to community open source projects and the sovereign individual and professional interest. This makes ISO a particularly difficult place to work on privacy-related issues, as was noted in recent work of IDESG.
Adrian
-- Nat Sakimura Chairman of the Board, OpenID Foundation Trustee, Kantara Initiative
Hi Nat,
Could you send a link to the spec so I can read it? I looked it up online and what I've found says "under development" and isn't posted at all.
Thank you,
Mary
On Thu, May 5, 2016 at 5:42 PM, Nat Sakimura <sakimura@gmail.com> wrote:
Adrian,
FYI, ISO started a work on Notice and consent. (ISO/IEC 29184). Perhaps you can make things better through it as well. I am the lead editor and your contribution is most welcome. You can do so either through your national body or Kantara.
Best,
On Fri, May 6, 2016 at 08:25 Adrian Gropper <agropper@healthurl.com> wrote:
IIW is an absolute joy in that respect. IAPP, to the extent that I understand it, seems like the opposite.
Adrian
On Thu, May 5, 2016 at 7:16 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;
The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can.
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com> wrote:
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to Brandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:
> +1 Robin > > And your list's order correctly, I think, captures the inverse > relationship between operational privacy and privacy theatre. > > On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> > wrote: > >> +1 >> >> Ian Glazer and I wrote about this in our Gartner days (so the >> results are hidden behind the Gartner paywall, regrettably...). >> >> However, a similar discussion surfaced at the ethical data-handling >> workshop I ran last Friday, and we distinguished between the following >> layers: >> >> >> - Privacy policy statement ( = privacy notice, as defined here); >> the outward facing doc saying what you want customers to hear. >> - Privacy policy: the internal statement of what the organisation >> thinks it should do >> - Business process: the internal statement of what the organisation >> thinks it does >> - Actual behaviour >> >> R >> >> On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote: >> >> Useful reading. I’ve written both privacy policies and those things >> on web sites ‘called’ privacy policies. They are infrequently the same >> thing. This piece captures the difference reasonably well. >> >> >> http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti... >> >> >> >> Sincerely, >> John Wunderlich >> @PrivacyCDN >> >> Call: +1 (647) 669-4749 >> eMail: john@wunderlich.ca >> >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they are >> addressed. If you have received this email in error please notify the >> system manager. This message contains confidential information and is >> intended only for the individual named. If you are not the named addressee >> you should not disseminate, distribute or copy this e-mail. Please notify >> the sender immediately by e-mail if you have received this e-mail by >> mistake and delete this e-mail from your system. 
If you are not the >> intended recipient you are notified that disclosing, copying, distributing >> or taking any action in reliance on the contents of this information is >> strictly prohibited. >> *_______________________________________________* >> WG-InfoSharing mailing list >> WG-InfoSharing@kantarainitiative.org >> http://kantarainitiative.org/mailman/listinfo/wg-infosharing >> >> Robin Wilton >> +44 (0)705 005 2931 >> > > > -- > John Wunderlich > > Fat fingered from a mobile device > Pleez 4give spelling errurz! > > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you have received this email in error please notify the > system manager. This message contains confidential information and is > intended only for the individual named. If you are not the named addressee > you should not disseminate, distribute or copy this e-mail. Please notify > the sender immediately by e-mail if you have received this e-mail by > mistake and delete this e-mail from your system. If you are not the > intended recipient you are notified that disclosing, copying, distributing > or taking any action in reliance on the contents of this information is > strictly prohibited. >
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
-- John Wunderlich
Fat fingered from a mobile device Pleez 4give spelling errurz!
-- Nat Sakimura Chairman of the Board, OpenID Foundation Trustee, Kantara Initiative
Hi Mary,
It will be sent to Kantara for review and comment in a month or so. I have to finish applying the changes before it gets to be sent ;-)
Nat
On Sat, May 7, 2016 at 09:26 mary hodder <hodder@gmail.com> wrote:
Hi Nat, Could you send a link to the spec so I can read it?
I looked it up online and what I've found says "under development" and isn't posted at all.
Thank you, Mary
On Thu, May 5, 2016 at 5:42 PM, Nat Sakimura <sakimura@gmail.com> wrote:
Adrian,
FYI, ISO started work on Notice and consent (ISO/IEC 29184). Perhaps you can make things better through it as well. I am the lead editor and your contribution is most welcome. You can do so either through your national body or Kantara.
Best,
On Fri, May 6, 2016 at 08:25 Adrian Gropper <agropper@healthurl.com> wrote:
IIW is an absolute joy in that respect. IAPP, to the extent that I understand it, seems like the opposite.
Adrian
On Thu, May 5, 2016 at 7:16 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;
The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can.
Sincerely, John Wunderlich @PrivacyCDN
Call: +1 (647) 669-4749 eMail: john@wunderlich.ca
On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com> wrote:
In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me.
Adrian
On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca> wrote:
Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing.
But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to abandon the field just yet.
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:
I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.
My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism.
Shameful.
Adrian
Ok thanks Nat. Will look forward to seeing it.
mary
On Sat, May 7, 2016 at 1:36 AM, Nat Sakimura <sakimura@gmail.com> wrote:
Hi Mary,
It will be sent to Kantara for review and comment in a month or so. I have to finish applying the changes before it gets to be sent ;-)
Nat
Oh, btw, pre-change draft is available here: http://kantarainitiative.org/confluence/download/attachments/78447832/N15834...
On Sun, May 8, 2016 at 00:46 mary hodder <hodder@gmail.com> wrote:
Ok thanks Nat. Will look forward to seeing it.
mary
Apparently, the direct link does not work. You need to go to <http://kantarainitiative.org/confluence/pages/viewpage.action?pageId=78447832> http://kantarainitiative.org/confluence/pages/viewpage.action?pageId=7844783... and find the document titled N15834 WG5N225 NWIP_Priv_online notice & consent 20151124.pdf You need to be a member of the Liaison Committee. As the filename suggests, it is from the last fall. I will be making a new version by the end of this month, which is going to be 1st WD 29184. Best, Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: wg-uma-bounces@kantarainitiative.org [mailto:wg-uma-bounces@kantarainitiative.org] On Behalf Of Nat Sakimura Sent: Sunday, May 8, 2016 3:25 PM To: mary hodder <hodder@gmail.com> Cc: wg-uma <wg-uma@kantarainitiative.org>; Information Sharing Work Group <wg-infosharing@kantarainitiative.org>; Robin Wilton <racingsnake@fastmail.fm> Subject: Re: [WG-UMA] [WG-InfoSharing] Privacy policy or privacy notice: what's the difference? | CIO Oh, btw, pre-change draft is available here: http://kantarainitiative.org/confluence/download/attachments/78447832/N15834... On Sun, May 8, 2016 at 00:46 mary hodder <hodder@gmail.com <mailto:hodder@gmail.com> > wrote: Ok thanks Nat. Will look forward to seeing it. mary On Sat, May 7, 2016 at 1:36 AM, Nat Sakimura <sakimura@gmail.com <mailto:sakimura@gmail.com> > wrote: Hi Mary, It will be sent to Kantara for review and comment in a month or so. I have to finish applying the changes before it gets to be sent ;-) Nat On Sat, May 7, 2016 at 09:26 mary hodder <hodder@gmail.com <mailto:hodder@gmail.com> > wrote: Hi Nat, Could you send a link to the spec so I can read it? I looked it up online and what I've found says "under development" and isn't posted at all. 
Thank you, Mary On Thu, May 5, 2016 at 5:42 PM, Nat Sakimura <sakimura@gmail.com <mailto:sakimura@gmail.com> > wrote: Adrian, FYI, ISO started a work on Notice and consent. (ISO/IEC 29184). Perhaps you can make things better through it as well. I am the lead editor and your contribution is most welcome. You can do so either through your national body or Kantara. Best, On Fri, May 6, 2016 at 08:25 Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com> > wrote: IIW is an absolute joy in that respect. IAPP, to the extent that I understand it, seems like the opposite. Adrian On Thu, May 5, 2016 at 7:16 PM, John Wunderlich <john@wunderlich.ca <mailto:john@wunderlich.ca> > wrote: Adrian; The “In the meantime” refers to working with people inside those organizations to ameliorate the situation. It’s a harm reduction strategy to hold the fort where one can. Sincerely, John Wunderlich @PrivacyCDN Call: +1 (647) 669-4749 <tel:%2B1%20%28647%29%20669-4749> eMail: john@wunderlich.ca <mailto:john@wunderlich.ca> On 5 May 2016 at 18:51, Adrian Gropper <agropper@healthurl.com <mailto:agropper@healthurl.com> > wrote: In the health domain that I specialize in, the number of notable corporations or of government agencies that stand out with respect to privacy is exactly 1 (Apple). Every single one of the others is carefully holding ranks. Whatever you mean by "in the meantime" eludes me. Adrian On Thu, May 5, 2016 at 5:55 PM, John Wunderlich <john@wunderlich.ca <mailto:john@wunderlich.ca> > wrote: Criticizing corporations for focusing on compliance and managing liability is kinda like critiquing a lion for being a carnivore. I take your point, but the solution involves citizen/customer/patient activism to change the context - like patient privacy rights is doing. But in the meantime, some corporations and some individuals in corporations want to do the right thing, and should be supported. I don't want to Brandon the field just yet. 
On Thursday, 5 May 2016, Adrian Gropper <agropper@healthurl.com> wrote:

I find articles like this and most of what IAPP stands for deeply upsetting. Everything is from the perspective of the institution, mostly compliance. There is not a single mention of the subject's perspective, much less sympathy.

My guess is that 90% of Privacy Notices are 90% identical to the Staples example. Why isn't anyone calling for privacy notices to be standardized - with exceptions for the 10% that might be actually interesting or differentiating? Because of IAPP and the entire mini-industry that lives off surveillance capitalism. Shameful.

Adrian

On Thursday, May 5, 2016, John Wunderlich <john@wunderlich.ca> wrote:

+1 Robin

And your list's order correctly, I think, captures the inverse relationship between operational privacy and privacy theatre.

On Thursday, 5 May 2016, Robin Wilton <racingsnake@fastmail.fm> wrote:

+1

Ian Glazer and I wrote about this in our Gartner days (so the results are hidden behind the Gartner paywall, regrettably...).

However, a similar discussion surfaced at the ethical data-handling workshop I ran last Friday, and we distinguished between the following layers:

- Privacy policy statement ( = privacy notice, as defined here); the outward facing doc saying what you want customers to hear.
- Privacy policy: the internal statement of what the organisation thinks it should do
- Business process: the internal statement of what the organisation thinks it does
- Actual behaviour

R

On Thu, May 5, 2016, at 07:23 PM, John Wunderlich wrote:

Useful reading. I’ve written both privacy policies and those things on web sites ‘called’ privacy policies. They are infrequently the same thing. This piece captures the difference reasonably well.

http://www.cio.com/article/3063601/privacy/privacy-policies-and-privacy-noti...
Sincerely,
John Wunderlich
@PrivacyCDN
Call: +1 (647) 669-4749
eMail: john@wunderlich.ca

Robin Wilton
+44 (0)705 005 2931

--
John Wunderlich
Fat fingered from a mobile device
Pleez 4give spelling errurz!
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

--
Nat Sakimura
Chairman of the Board, OpenID Foundation
Trustee, Kantara Initiative
participants (5)
- Adrian Gropper
- John Wunderlich
- mary hodder
- Nat Sakimura
- Nat Sakimura