Monday, March 1, 2010

OASIS: Making Privacy Operational - Output

I had posted about OASIS: Making Privacy Operational. The audio recording of the webinar is available as is the presentation that was given. I was very impressed with how well they seemed to understand the complexity of Privacy. I think it would be good to dig deeper and help this effort. Healthcare specific Privacy is important, but we must recognize that ultimately the Healthcare privacy must fit within a more general purpose privacy framework.
Thank you for attending the recent OASIS webinar entitled “Making Privacy Operational”. The recorded version is now available at:    

Feel free to distribute these links to others who are interested in the operational aspects of privacy management.

As you know from the webinar, our objective is to create a new OASIS Technical Committee entitled the Privacy Management Reference Model TC, based on the donated PMRM from the ISTPA (

 The PMRM is intended to serve as a template for developing operational solutions to privacy issues, as an analytical tool for assessing the completeness of proposed solutions, and as the basis for establishing categories and groupings of privacy management controls. The Reference Model will not be a “specification” in the formal sense, but is intended to be used as the basis for an implementation standard, which would be developed independently. Comprehensive Use Cases will be solicited and developed in several areas to test the completeness and robustness of the Reference Model.

As a member of OASIS, would you and your organization consider being listed as an initial “proposer” in the charter of the TC? As noted in the webinar, we already have ISTPA, NIST, ABA, CA and several individual members as ‘proposers’. The proposer designation does not commit you to any explicit work effort, but rather shows your support for the objectives of the TC (summarized above and in the webinar) and the assumption that you will follow the progress of the TC. Of course, we will welcome any and all active participants in the TC, since privacy management issues affect all individuals, corporations, and business sectors. 

If “YES”, simply e-mail me at with your contact information and corporate affiliation.

Michael Willett and John Sabo