  1. Welcome (Jan - 5 mins)
  2. Newcomer Introduction
  3. Topics
    1. Overview of the ISO privacy related standards

    2. Discussion how DLT maps to ISO standards

  4. Summary (Jan - 5 mins)
    1. Meeting schedule

Meeting Notes

Recording

...

These are the notes from the meeting.


Privacy is closely associated with security in ISO standards. The risk assessments are basically built on top of the information security management system, code of practice and assessment. During the call, Jan presented an overview of the different standards.

In the open discussion, a number of questions were raised about how standardization in ISO and ToIP could help identify the controls that are required to adopt DLT.

DLT is emphasised for SSI and digital identity technology: storage and transfer of personal data will be based on or associated with DLT (blockchain), whether the data is stored “on-chain” or “off-chain”. This includes PII that is stored and shared (to authorized actors) via “data sharing hubs”, which may be implemented with non-DLT storage.
Communication in a transaction graph is largely about consent to the use of data, data minimization and trust, including trust chains/graphs that preserve privacy.
Metadata is needed to govern data minimization, sensitive data, etc. – handled by OCA transforms where required. This will be an issue for provenance.
Provenance ontology definition needed (Christoph)
GDPR – data transfer is a big issue. A major question is privacy compliance when transferring data across parties/actors that are NOT in the same jurisdiction. Do they have the same level of assurances, governance, etc.?
A problem with the ISO approach (?) to compliance is whether you can demonstrate that there is an actual (data) misuse problem by another jurisdiction vs. a risk.

Attached file: ToIP Privacy and Risk TF Bi-Weekly Meeting 2021-06-28.pdf

Participants

Participants (Name / Location / Time zone / Affiliation):

...

Jan Lindquist / Stockholm / CET / Linaltec
Burak Serdar / Denver, CO / MDT
Christoph Fabianek / Vienna / CET / OwnYourData
Neil Thomson / Ottawa / EST / QueryVision
Jim St.Clair