I believe there is room to do better: A quick look at the Fair Information
Practices (FIPs) would provide a good starting point:

Notice and Consent: Before the collection of data, the data subject
should be provided: notice of what information is being collected
and for what purpose and an opportunity to choose whether to
accept the data collection and use.

Collection Limitation: Data should be collected for specified,
explicit and legitimate purposes. The data collected should be
adequate, relevant and not excessive in relation to the purposes
for which they are collected.

Use/Disclosure Limitation: Data should be used only for the purpose
for which it was collected and should not be used or disclosed in
any way incompatible with those purposes.

Retention Limitation: Data should be kept in a form that permits
identification of the data subject no longer than is necessary for
the purposes for which the data were collected.

Accuracy: The party collecting and storing data is obligated to
ensure its accuracy and, where necessary, keep it up to date;
every reasonable step must be taken to ensure that data which are
inaccurate or incomplete are corrected or deleted.

Access: A data subject should have access to data about himself, in
order to verify its accuracy and to determine how it is being
used.

Security: Those holding data about others must take steps to protect
its confidentiality.

On Oct 11, 2011, at 5:17 PM, Stephane Bortzmeyer wrote:

On Tue, Oct 11, 2011 at 04:42:17PM +0300,
Hannes Tschofenig <hannes(_dot_)tschofenig(_at_)gmx(_dot_)net> wrote
a message of 58 lines which said:

it is quite likely that they also need to be told something about
privacy.

For me, the most important mention of privacy is:

It is RECOMMENDED as best current practice that Internet-facing
servers logging incoming IP addresses from inbound IP traffic also
log:

Do note "Internet-facing servers ***logging incoming IP
addresses***". It means that no one recommends logging IP addresses, the
RFC just says that, ***if you do log***, logging the IP address
without the port number is not very sensible.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf