I'm not really keen on getting involved in this discussion any more
than I have been, but I can't help noting one thing:
On Thu, Jul 15, 2010 at 11:50:58PM +0100, John Morris wrote:
2. We have many examples of leading banks, stores, and others
mishandling credit card and other records, so unless the IETF has come
up with some secret security sauce to eliminate all possibility of a
human or technical screwup with personal info, there is clear risk that
the IETF could mishandle data and be at the wrong end of a litigation.
Given that practically every such leading back and store and so on had
a rich, long, detailed, hard to read privacy policy, I fail completely
to see how the having of a policy provides any value at all to the
IETF in such cases. In the case of companies and so on, it has a
value, because firing people for violating the policy is the sort of
consequence that employers can use. But the IETF isn't like that. It
isn't even a legal entity. So it doesn't have anyone to fire, &c.
As I've said before, I can see arguments in both directions on this
topic. But I don't think it does us any good to keep saying,
"Everyone else has one." Everyone else is also incorporated.
A
--
Andrew Sullivan
ajs(_at_)shinkuro(_dot_)com
Shinkuro, Inc.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf