Privacy Management Reference Model
and Methodology
(PMRM)
PMRM Comments - Further Development
of Use Case Template
For Discussion
PMRM TC Meeting
March 13, 2014
Comments/Recommendations from Gail
Magnuson
and Diana Proud-Madruga
PMRM v1.0 Conceptual Model
PMRM Methodology
set of 20 discrete tasks
PMRM Services
Services - the organizing structure linking required Privacy
Controls to operational mechanisms necessary for
implementation and conformance
Comments on Template Design-1
• Gail: In reflecting on my experience with the PMRM and
where it might be extremely beneficial, especially for time
starved CPOs is:
o To facilitate a business and IT architecture that is privacy and
security compliant
o To provide visuals for both operations and IT professionals that
help them envision how they might be privacy compliant and
innovate new privacy compliant vehicles as technology changes
Comments on Template Design-2
•
Gail: What this says to me regarding these observations is that
PMRM (and the PMRM example) must:
o Be completed at the macro, not the micro level
o It is too time consuming to be completed at a lower level and
does not reap the benefits for the Privacy Office
o It must produce a super ‘use case’ that is applicable to the many
use cases being developed by IT and Business Professionals
o It must demonstrate a process that is complex with a simple result
o It must be able to translate complex results into examples that
business and IT individuals are able to follow
o These examples MUST go far beyond the high level statements,
such as ‘implement role based security’ and the like. These
statements are generic and can be made without needing the
PMRM
Comments on Template Design-3
•
Gail: From my small amount of hours (less than 16), I have reached
the observations/recommendations:
o It is essential to complete an end-to-end detailed example of the
PMRM in use that will prove that one PMRM process might provide
specific and comprehensive guidance that can be leveraged
over many IT/Operations projects for an entity
o Already in my PMRM exercise, I have designed new products,
domains, business processes, systems and applications that are
FAR more privacy compliant given the original PMRM document.
In doing this I believe that, even before I get to the PI/PII bundles
and the Privacy Controls/Services that the PMRM process has
produced significant results!
o It is critical to consider, as you have indicated, visualization
techniques that allow viewers to drill down into the detail and
provide a view for different types of individuals, e.g. regulators,
privacy office staff, IT and business process engineers
o Today, there exists public information that would support the
completion of an end-to-end example of the power of the
PMRM, without a major investment of time
Comments on Template Design-4
• Gail (continued) :The next challenge is to translate this
comprehensive end-to-end detailed work into what will
resonate with ‘results oriented and time challenged’ CPOs.
This can be done through the visualization techniques
• The specific and comprehensive guidance of the initial PMRM
effort for a corporation must then provide simple instructions
of how to imbed privacy compliance into IT and business
projects and be flexible enough to revise the initial PMRM
work for the next projects as the technology, regulations and
business processes changes
• I support the discussions I heard in Halifax about being able to
present, for example the high level data flow diagrams, and
then be able to ‘drill down’ into the detail. Perhaps we might
explore Michelle Dennedy’s work and/or the capabilities of
something like Tableau for visualization techniques. I was
highly impressed with the Tableau abilities to perform a ‘drill
down’
• It is essential to demonstrate the investment in executing the
PMRM from an ROI perspective. I heard that loud and clear in
the session last week.
Comments on Template Design-5
• Diana: In going through the PMRM, I found myself frequently
wondering what the end result would look like. How would it
all fit together?
o Gail: I believe that the PMRM provides privacy compliant
architectures and designs and technical specifications for
products, processes and systems. In less than 10 hours of
my time I believe I significantly improved the overall
privacy and security of the architecture for the products,
processes and systems.
o Gail: What this also says is that some of the benefit
information in the methodology document might be
repeated in the use case document.
Comments on Template Design-6
• Diana: Right now, as it’s written, the PMRM has many good
and useful elements/areas of exploration that will generate a
large amount of data. Some of this data may already exist in
an enterprise and some will need to be generated from
scratch.
o Gail: I definitely support this suggestion. I also believe that a
good bit of the data is available publicly as well.
Comments on Template Design-7
• Diana: Going through this process for every project/use case
that exists for a large organization is going to be overwhelming
at first glance.
o Gail: I recommended conducting ONE high level, but
comprehensive, PMRM for an organization, and then
leveraging the work at lower levels. Very few organizations
will invest in large $ detailed work.
Comments on Template Design-8
Suggestions for how to make it a less daunting task-1
•
•
Diana: Create extremely simplified, high-level examples to illustrate a
PMA and how it can be used.
o Gail: In addition to the ONE high level PMRM, I support the
visualization idea that provides high level views with drill downs.
Refer to the PMRM and the resulting PMA as living documents,
emphasizing that they can start with one use case and, over time,
expand it to include multiple use cases. Using this approach should
result in significant time savings with each subsequent use case as
many of the elements from previous use cases will apply to the new
use cases.
o Gail: I fully agree with this.
Comments on Template Design-9
Suggestions for how to make it a less daunting task-1
•
Diana: Something like this will NEVER fly without management/executive
buy-in. There should be some kind of brief synopsis outlining the purpose
and benefit/ROI to implementing this process in an enterprise. This
synopsis should be very high-level, non-technical, and with very simplified
examples of how it can be used.
o Gail: Definitely agree. This suggestion is similar to that of creating the
benefit/ROI by audience suggested from the Halifax meeting. While I
did not finish my exercise, this was the first time that I could put into
words the tangible benefits of the PMRM for different audiences,
naturally management included. I had to get to the point where I
could, with a MINIMUM of effort take a use case from beginning to
end, proving that I could create a result that would provide privacy
compliant architecture, designs and technical specifications that
would be far superior to the guidance I provided from the privacy
office heretofore. Since I did not complete the effort, it might be
difficult for one to see what I saw. I was personally convinced that the
synopsis and compelling examples for senior executives can be
developed. I also strongly believe that the first sell is to the timestarved CPO. It is this individual that must be sold first about the
feasibility of using the PMRM.
Comments on Template Design-10
Suggestions for how to make it a less daunting task-2
•
Diana: Many enterprises follow activities/models that accomplish at least
part of what PMRM does. Suggestions on how to leverage work that may
already have been done could be useful.
o Gail: I totally agree and think that this idea should be woven
into the Use Case example.
Comments on Template Design-11
Suggestions for how to make it a less daunting task-3
•
Diana: When I brought up the question of what the end result would look like,
one of the replies was that until you finish the sample use case, you can’t
define the PMA. In my opinion, this is backwards. By defining where you want
to end up, it will help you to define the elements required to get there. By not
defining the PMA, you run the risk of making the process more complicated
than it needs to be. Also, just because you have defined the PMA does not
mean that you can’t change your mind. This should be a spiral development
process, not a linear one.
o Gail: This is the most interesting observation of all. On the one hand, we have
not taken a use case through all of the steps of the PMRM. We have
collectively done a great job at exercising the architecture and design
portions of the PMRM. I found that I was able to produce far more detailed
architecture and design guidance via my PMRM exercise than I gave or was
given to by major privacy experts/consultants. However, we have not yet well
demonstrated translating the design into privacy controls and privacy services
that resonate with those responsible for technical implementations. Given this
observation, perhaps the PMRM group might consider Diana's spiral
development process (which I do support in general) and move forward with a
spiral development process with the first half of the PMRM and a more lineal
process for the second half of the PMRM. Once the full life cycle of the PMRM is
established, then the full PMRM might be further developed in a spiral process.