2021-11-16 Privacy SIG Notes

update from last PC (Privacy SIG was mentioned), November, 4th Meeting

Peter

• A smaller group will reach out to others for acceptance criteria for code. Harry is going to lead that group.

• Concerns from the Privacy SIG on how compliance will be implemented were talked about.

• This goes further than the Technical Council's input.

• Also SysOps raised technical aspects. 

revisit the overall plan we came up with last time:

What is PII and how can it be implemented? Perhaps we can come up with a cascade of basic principles, general solutions and abstract functional requirements. This might help SMEs, POs and developers to get acquainted with PII-privacy and concepts/requirements.

• Finish SIG Charter 

• Approval of Product Council.

• Compile list of FOLIO key groups and contacts, e.g. sysops.

• Finish general log file requirements. or better: log file standards

• Develop basic workflow for implementing privacy in the project at governance level and then module-specific implementation level.  Will require presentations and conversations at both levels.

• Some topics, solutions include: GDPR requirements for correcting data and giving data to user upon request; keep data in only the module where it belongs; anonymization (remove), pseudo-anonymization contains key that needs to be thrown away. These are often confused.

Adam, Carsten

• having the focus of this group on "privacy standards" instead of "privacy requirements" likely fits better within the FOLIO community

• talk about a "proposed standard" and request comments on it...

• Reordered the priorities

• we agreed upon the SIG-Charter (version at the end) and will come to a decision next meeting.

• added a (first) structure to Privacy SIG Documentation - Privacy SIG - FOLIO Wiki

come up with a plan for the first task logfile standard

Ingolf?

moved to next meeting

other aspects that are or might be relevant?

everyone

...