On 3/17/2018 2:41 AM, Kurt Andersen (b) wrote:
There are two aspects to this -
1. batching (lightens the load for reporting receivers), and
2. re privacy - the fact that someone with authority (over the domain)
has requested said reports suffices for GDPR legal/consent coverage
I'll suggest that 'privacy' divides into at least three important
distinctions:
1. Identification of PII among a set of data ii ie, define an
attribute set
2. Ability to handle PII differentially
3. Policies for deciding when/how to divulge PII and to whom
The first two are technical details that seem to make sense for this
group. The last does not.
The essential benefit of excluding the third item, is that it then means
the group does not need legal expertise (except to make sure that the
mechanical listing of attributes considered PII is sufficient -- but I'm
guessing that's far easier than the when/how/who disclosure behavior....
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
