<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F3864;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Nancy<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>At the end of the day I am of the opinion that relying on a coding scheme to identify what falls into a sensitive “category” and what doesn’t ends up being arbitrary and often dangerously imprecise. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>There is no way to apriori tag what any one consumer considers sensitive and what is considered sensitive by one consumer is not to another. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>In short – I am worried that if there isn’t a way for the consumer to mark what they are comfortable being shared any mechanism to make it “easy” for a data-holder to share with a third party while “respecting” the preferences of the consumer is insufficient and represents a legacy perspective. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>When we enable the consumer to tag their own data and constrain what is shared by the 3<sup>rd</sup> parties that disclose data “on their behalf” we don’t fall into the trap of trying to create one size fits all LOVs that are inaccurate and only reflect the requirements of a regulatory requirement established decades in the past.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>We have to figure out how to enable the consumer to define what they want segmented if we are attempting to be respectful of the consumer’s preference. We all know that these preferences change over time and the consumer should be able to update them. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I believe data segmenation without the consumer’s ‘corrections’ leaves too many inaccuracies that inevitably result in disclosures not consistent with the individuals preferences. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>We can certainly create categories as an aid to building a consumer specific segmentation rules set but relying on pre-defined code sets to indicate what is sensitive (driven by legacy policies) will miss the mark.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Aaron<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:#1F497D'>Aaron Seib, CEO<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>@CaptBlueButton <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> (o) 301-540-2311<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>(m) 301-326-6843<o:p></o:p></span></p><p class=MsoNormal><a href="nate-trust.org"><span style='color:#1F497D;text-decoration:none'><img border=0 width=205 height=48 id="_x0000_i1026" src="cid:image002.jpg@01D2A55B.ABCA1400"></span></a><span style='color:#1F497D'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Openid-specs-heart [mailto:openid-specs-heart-bounces@lists.openid.net] <b>On Behalf Of </b>Nancy Lush<br><b>Sent:</b> Friday, March 24, 2017 5:05 PM<br><b>To:</b> openid-specs-heart@lists.openid.net<br><b>Subject:</b> [Openid-specs-heart] HEART profiling for sensitive data<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'>Hello all,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'>Attached is a document which includes background and suggestions for profiling sensitive data. Comments welcome. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'>Thanks, and have a great weekend.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'>-Nancy<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;color:#1F3864'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr style='height:1.0pt'><td width=428 colspan=2 valign=top style='width:256.7pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><div style='border:none;border-bottom:solid windowtext 1.5pt;padding:0in 0in 1.0pt 0in'><p class=MsoNormal style='line-height:115%'><span style='font-size:8.0pt;line-height:115%;color:#1F3864'><o:p> </o:p></span></p></div><p class=MsoNormal style='mso-line-height-alt:1.0pt'><span style='font-size:8.0pt;color:#1F3864'><o:p> </o:p></span></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-line-height-alt:1.0pt'><b><span style='font-size:10.0pt;color:#222A35'>Nancy Lush <o:p></o:p></span></b></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'><a href="mailto:nancy.lush@lgisoftware.com">nancy.lush@lgisoftware.com</a><o:p></o:p></span></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-line-height-alt:1.0pt'><b><span style='font-size:10.0pt;color:#222A35'>Lush Group, Inc<o:p></o:p></span></b></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>Office: (401) 423-9111<o:p></o:p></span></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'>28 Narragansett Ave<o:p></o:p></span></p><p class=MsoNormal style='mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>PO Box 651<o:p></o:p></span></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'><a href="http://www.lgisoftware.com">www.lgisoftware.com</a> <o:p></o:p></span></p><p class=MsoNormal style='mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>Cell:(401) 965-9347<o:p></o:p></span></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>Jamestown, RI 02835<o:p></o:p></span></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'><p class=MsoNormal style='line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'><o:p> </o:p></span></p></td></tr><tr><td width=428 colspan=2 valign=top style='width:256.7pt;padding:0in 5.75pt 0in 5.75pt'><p class=MsoNormal style='line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'><img border=0 width=153 height=50 id="Picture_x0020_1" src="cid:image003.gif@01D2A55B.ABCA1400" alt="LGI_logo_small"><o:p></o:p></span></p></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=428 colspan=2 valign=bottom style='width:256.7pt;padding:0in 5.75pt 0in 5.75pt'></td></tr></table><p class=MsoNormal><span style='color:#1F3864'><o:p> </o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>