InCommon Federation Discussions About Online Student Services

[Ann West <>]

Hi All,

Last week, we had the first of our privacy and security review calls for the CommIT Project. We had a great discussion and I encourage you to read through the notes below and the slides attached. Feel free to send Tim your privacy policy or terms of service if you have one handy. He's trying to compile a collection to compare and use to inform the development of similar documents for the Pilot.

If you'd like to participate on the next privacy and security call (or have one of your colleagues do so), please complete the doodle poll included below in Tim Cameron's message. I'll also send out the call notice when the time has been identified.

Best,

Ann

From: Tim Cameron <>
Date: Wednesday, July 17, 2013 1:04 PM
To: 'SARAH D MORROW' <>, Shelton Waggener <>, "" <>, "" <>, Tom Barton <>, "" <>, 'Michael Morris' <>, "" <>, "" <>, Rodney Petersen <>, "" <>, Jeffrey Alderson <>
Subject: [commit-steering] CommIT Pilot - Privacy and Security Kick Off Call

Attached is the PowerPoint presentation from today’s call. 

 

Additionally, we began a discussion of what operational and technical concerns need to be considered for the pilot from a privacy and security perspective.  The list of items discussed are as follows:

·         How long will records remain in the CPR? What is the purging process?

·         What is CommIT’s process for maintenance of data?  How can the user or others update the information that is contained in the CPR?

·         What are the Terms of Service for CommIT?

·         What is CommIT’s Privacy Policy?

·         Will credentials be used for other onboarding processes other than the admissions application? 

·         What are the US and Global privacy requirements?

 

Tom Barton shared the following information with the team.  Please review this prior to our next call as it may help us frame our requirements for the project:

The uk government has released a set of principles governing identity assurance for use of government services

http://central-government.governmentcomputing.com/news/cabinet-office-releases-draft-identity-assurance-privacy-principles?utm_source=twitterfeed&utm_medium=twitter

It's a nice simply worded list of principles users can expect and strikes me as pretty similar to that the HE  community is trying to achieve.    

 

Next Steps:

1.      Complete the doodle poll so that we can schedule our next call.  The poll can be found here:  http://doodle.com/fqbkfw4p6s6ibxua  Please complete this by July 22^nd.

2.      Think about any privacy and/or security concerns that your institution/organization may have as it relates to the CommIT service.  This will serve as the framework for our next meeting.

3.      If your organization has a Privacy Policy that can be shared, please send it to by July 31^st.  Please let me know if it is a public document or if it needs to be de-identified prior to sharing.

4.      If your organization has a Terms of Service document that can be shared, please send it to by July 31^st.  Please let me know if it is a public document or if it needs to be de-identified prior to sharing.

 

If you have any questions in the interim, please don’t hesitate to contact me.  Thanks!

Tim

 

Attachment: CommITbaseline_07172013.pptx
Description: CommITbaseline_07172013.pptx