Talk:Summit 2011 Working Sessions/Session073
Thank you for attending! This page is for the session participants to add their ideas and comments.
Please also take a look at the draft FTC response http://www.owasp.org/index.php/Industry:FTC_Protecting_Consumer_Privacy#Draft_Text_version_2 - your input would be very welcome!
Thank you
colin.watson(at)owasp.org
Accomplishments
I was asked to provide the top 3 accomplishments from our session to the summit team. I have suggested:
1) A recognition that OWASP MUST (not should) be active in this space
2) Direct input into OWASP's response to the FTC staff report on consumer privacy
3) A consensus to try to document the drivers, issues, resources and relevant technical approaches
Ideas...
Some suggested headings, but please feel free to add more:
Government policies
Legislation:
- EU:
- UK:
Primary data protection authorities:
- US
- FTC
- ???
- UK
Issues
- Fair processing
- Acceptable use/specified purpose
- Avoid collecting excessive information
- Data accuracy
- Data retention period enforcement (& disposal)
- Protection of data
- Transfers (inter department, company, country)
- Tracking consent and withdrawal of consent
- Provision of consent
- Use of cookies