International Security Trust & Privacy Alliance Privacy, Security, Trust

FAQs


Privacy Framework FAQ – January 20, 2003

  1. What is the purpose of the ISTPA Privacy Framework?
    The purpose of the Framework is to provide an analytical starting point and basis for developing products and services that support current and evolving privacy regulations and business policies, both international and domestic.


  2. Why is the Framework important?
    As legislative, regulatory and market requirements for privacy protection progress, it is essential that trusted and reliable solutions be developed and deployed that meet those requirements. The Framework is an essential resource for constructing trusted and reliable solutions for privacy protection.


  3. What is the Framework, and what are its components?
    The Framework is a set of collaborating services and capabilities that can be used as an analytical model for understanding and resolving security, trust and privacy related problems. It is extensible and designed to support regulatory-specific requirements across an array of industry cases.

    The primary aspect of the Framework is its services, which support an international and domestic array of privacy regulation and Fair Information Practices:

    Audit
    Certification
    Control
    Enforcement
    Interaction
    Negotiation
    Validation
    Access (capability)
    Agent (capability)
    Usage (capability)

    Secondary components include the repository of analytical artifacts defining essential classes, elements or objects within the Framework. Thirdly, the Framework defines a set of necessary security services and infrastructure.


  4. How can the Framework be used?
    First, as a tool for mapping the business processes and technical support mechanisms needed to support data protection policies and fair information practices. Second, as a reusable repository of analysis artifacts, industry and regulatory specific use cases, UML diagrams, requirement specifications, actor and object definitions, and glossary of terms, that will act to guide and enhance the construction of privacy solutions. Third, as a reference resource containing descriptions and links to other frameworks, infrastructure and legal works necessary for the construction, design and implementation of data protection solutions.


  5. Who will use the Framework?
    Information technology product and service management companies; developers, architects, designers and engineers responsible for constructing privacy solutions; public and private entities exploring and assessing solutions; those preparing their organizations for compliance or seeking to create competitive advantages; and the audit community.


  6. How do I gain access to the Framework?
    Access is available to all current members of the ISTPA. The Framework is available to members via the ISTPA members-only section of the Web site. Descriptions, i.e., white papers, executive briefs and news relating to the Framework are available to non-members at www.istpa.org.


  7. Who produced the Framework?
    The ISTPA Framework Working Group, one of the ISTPA's key member-supported committees.


  8. Will the Framework be a standard?
    The ISTPA is not a direct part of the International Standards community. However, through its membership, the ISTPA is working with standards bodies in utilizing the Privacy Framework as they consider the many issues integral to the discussion of security and privacy standards. The Framework Working Group, with the support of two of its members, the ISSEA and EWA IIT, is currently reviewing a plan to propose the ISTPA Privacy Framework as a Publicly Available Specification (PAS) for the International Organization for Standardization (ISO) Joint Technical Committee 1 (JTC 1).


  9. What are the central concepts?
    Reuse - namely a reusable repository of analytical components necessary for privacy product and service construction. Trust and integrity - solutions are developed with a sound and comprehensive attention to accountability and responsibility - designed to satisfy and assert legal, regulatory and market (consumer) requirements. Informational self-determination - data subject control over exchange and processing of personal information.


  10. What is the relationship to other privacy tools and technology?
    The ISTPA Privacy Framework is an unbiased body of analytical constructs that are reusable and extensible by other privacy tool and technology suppliers to address application, regulatory, or industry specific requirements.


  11. What is the relationship to other privacy initiatives?
    This ISTPA Privacy Framework is a unique effort and by design seeks to be independent of any particular privacy policy initiatives or efforts to create or influence any legislation or regulations. The ISTPA bylaws and organizational goals make clear we are not a lobbyist entity with particular privacy views or agendas to promote. This includes privacy technology initiatives that may focus on a particular aspect of privacy but not fully address the breadth of Fair Information Practices and international legal frameworks (for example, the EU Data Protection Directive).


  12. What is P3P's relationship to the Framework?
    P3P is an emerging industry standard that enables web sites to express their privacy practices in a standardized format that can be automatically retrieved and interpreted by user agents. The goal is to help users be informed about web site practices by simplifying the process of reading privacy policies. P3P 1.0 offers no security, negotiation, control or audit services. Personal information (PI) owners and their Data Controllers/Processors must rely upon other infrastructure services to secure, negotiate, control and account for the processing of personal information. These other necessary services are defined in the ISTPA Framework and work synergistically with standards like P3P to offer a trusted, security- and privacy-compliant processing environment.


  13. How does the Framework relate to privacy regulation?
    The ISTPA Privacy Framework is organized and designed to satisfy and assert privacy regulation. As a reusable repository of analytical artifacts (UML diagrams, use cases, requirement specifications), it seeks to clarify and make unambiguous the numerous and evolving regulatory requirements in relevant industry and government practice.


  14. When will the Framework be available?
    The ISTPA published the 1.0 release in the 2nd Qtr. of 2002. The 1.1 release was published on CD in the 4th Qtr. of 2002. Copies of the Framework on CD or via email (PDF) can be requested by sending email to director@istpa.org.


  15. What materials are available?
    A Framework White Paper, ISTPA Framework Project (PDF), and this FAQ are available for download at the ISTPA web site.



Copyright © 1999 - 2007 International Security, Trust & Privacy Alliance
All Rights Reserved.