Tuesday, January 26, 2010

OASIS: Making Privacy Operational

This Webinar is an expiratory discussion to see if there is interest to create a Privacy Management Technical Committee in OASIS. It might be very helpful to our cause in Healthcare to bring in standards beyond Healthcare together. Moving the Privacy discussion out of proprietary implementations into standards is a really good thing. We can do this alone in Healthcare standards like HL7, but we will only cover the space controlled by HL7.  I plan to attend.

OASIS presents a complimentary webinar to discuss the anticipated formation of a new privacy management technical committee.  The TC would be based on the 'Privacy Management Reference Model' produced by the International Security, Trust, and Privacy Alliance (ISTPA), which will be described in the webinar.

Data privacy is the assured, proper, and consistent collection, storage, processing, transmission, use, sharing, trans-border transfer, retention and disposition of Personal Information (PI) throughout its life cycle, consistent with data protection principles, privacy and security policy requirements, and the preferences of the individual, where applicable.
Today, increased cross-border and cross-policy domain data flows, networked information processing, federated systems, application outsourcing, social networks, ubiquitous devices and cloud computing bring ever significant challenges, risk, and management complexity to privacy management.  

Privacy requirements are typically expressed as broad policy objectives (fair information practices and principles) that are far removed from the rigorous requirements' expressions needed by system analysts, architects and developers.  The purpose of the proposed Privacy Management Reference Model TC will be to define a structured format for describing privacy management Services to support and implement any privacy requirements, but at a functional level.

The Reference Model will serve as a template for developing operational solutions to privacy issues, as an analytical tool for assessing the completeness of proposed solutions, and as the basis for establishing categories and groupings of privacy management controls.

Who should attend:
Privacy policy makers, privacy and security consultants, auditors, IT systems architects and designers of systems that collect, use, share, transport across borders, exchange, secure, retain or destroy Personal Information.

Date: Tuesday, February 23, 2010
Time: 11:00 AM - 12:00 PM EST
For more information and to register (Updated URL: https://www1.gotomeeting.com/register/735745448)