+1 on having a privacy policy in the first place
+1 on this possible approach on the procedural questions (although
other approaches migth well be fine):
On Jul 6, 2010, at 4:11 AM, Alissa Cooper wrote:
With that said, laying out the core of the policy in an RFC and then
having a speedier mechanism to publish changes (which can also be
incorporated into the core policy when the RFC publication schedule
allows) seems like a decent option.
+1 on the actual substance of the draft policy (which folks should
still consider even as the process discussions take place):
http://www.ietf.org/id/draft-cooper-privacy-policy-01.txt
As I understand the draft, it is attempting to document what is
actually happening with data in people's interactions with the IETF
today. This documentation should happen sooner rather than later, and
should happen in a formal manner.
If people want to debate what SHOULD the practice be with regard to x
or y type of data (e.g., what happens to meeting registration info),
that is also an important discussion to have, but that type of
discussion need not delay a formal documentation of current practice
(and any such documentation can change if the practice is later
changed). The core idea of a privacy policy is to inform users of
current practice, and that should happen soon even if we know there
may be changes after further discussions.
John
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf