[Openid-specs-heart] HEART profiling for sensitive data

Aaron Seib aaron.seib at nate-trust.org
Sat Mar 25 15:33:51 UTC 2017


Nancy

 

At the end of the day I am of the opinion that relying on a coding scheme to
identify what falls into a sensitive "category" and what doesn't ends up
being arbitrary and often dangerously imprecise.  

 

There is no way to apriori tag what any one consumer considers sensitive and
what is considered sensitive by one consumer is not to another.  

 

In short - I am worried that if there isn't a way for the consumer to mark
what they are comfortable being shared any mechanism to make it "easy" for a
data-holder to share with a third party while "respecting" the preferences
of the consumer is insufficient and represents a legacy perspective.  

 

When we enable the consumer to tag their own data and constrain what is
shared by the 3rd parties that disclose data "on their behalf" we don't fall
into the trap of trying to create one size fits all LOVs that are inaccurate
and only reflect the requirements of a regulatory requirement established
decades in the past.

 

We have to figure out how to enable the consumer to define what they want
segmented if we are attempting to be respectful of the consumer's
preference.  We all know that these preferences change over time and the
consumer should be able to update them.  

 

I believe data segmenation without the consumer's 'corrections' leaves too
many inaccuracies that inevitably result in disclosures not consistent with
the individuals preferences.  

 

We can certainly create categories as an aid to building a consumer specific
segmentation rules set but relying on pre-defined code sets to indicate what
is sensitive (driven by legacy policies) will miss the mark.

 

Aaron

 

Aaron Seib, CEO

@CaptBlueButton 

 (o) 301-540-2311

(m) 301-326-6843



 

From: Openid-specs-heart
[mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Nancy Lush
Sent: Friday, March 24, 2017 5:05 PM
To: openid-specs-heart at lists.openid.net
Subject: [Openid-specs-heart] HEART profiling for sensitive data

 

Hello all,

 

Attached is a document which includes background and suggestions for
profiling sensitive data.  Comments welcome. 

 

Thanks, and have a great weekend.

 

-Nancy

 


 

 


Nancy Lush          

nancy.lush at lgisoftware.com


Lush Group, Inc

Office: (401) 423-9111


28 Narragansett Ave

PO Box 651

www.lgisoftware.com 

Cell:(401) 965-9347


Jamestown, RI 02835

	
	
 


LGI_logo_small

		
		
		
		
		
		
		
		
		
		
	

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170325/91d6af77/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 3204 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170325/91d6af77/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 3006 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170325/91d6af77/attachment.gif>


More information about the Openid-specs-heart mailing list