Do we have guidelines as to what is an "organization affiliation"?
On Jun 14, 2012, at 5:26 PM, IETF Chair wrote:
Two things have occurred since the message below as sent to the IETF mail
list. First, we got a lawyer in Europe to do some investigation, and the
inclusion of the email address on the blue sheet will lead to trouble with
the European privacy laws. Second, Ted Hardie suggested that we could
require a password to access the scanned blue sheet.
Based on the European privacy law information, the use of email will result
in a major burden. If the email address is used, then we must provide a way
for people to ask for their email address to be remove at any time in the
future, even if we got prior approval to include it. Therefore, I suggest
that we collect organization affiliation to discriminate between multiple
people with the same name instead of email address.
Based on Ted's suggestion, I checked with the Secretariat about using a
datatracker login to download the scanned blue sheet. This is fairly easy to
do, once the community tracking tools are deployed. However, with the
removal of the email addresses from the blue sheets, it is unclear that there
is any further need for password protection of these images. Therefore, I
suggest that we proceed without password protection for the blue sheet images.
Here is a summary of the suggested way forward:
- Stop collecting email addresses on blue sheets;
- Collect organization affiliation to discriminate between multiple people
with the same name;
- Scan the blue sheets and include the images in the proceedings for the WG
session;
- Add indication to top of the blue sheet so people know it will be part of
the proceedings; and
- Discard paper blue sheets after scanning.
Russ
On May 6, 2012, at 12:46 PM, IETF Chair wrote:
We have heard from many community participants, and consensus is quite rough
on this topic. The IESG discussed this thread and reached two conclusions:
(1) Rough consensus: an open and transparent standards process is more
important to the IETF than privacy of blue sheet information.
(2) Rough consensus: inclusion of email addresses is a good way to
distinguish participants with the same or similar names.
Based on these conclusions, the plan is to handle blue sheets as follows:
- Continue to collect email addresses on blue sheets;
- Scan the blue sheet and include the image in the proceedings for the WG
session;
- Add indication to top of the blue sheet so people know it will be part of
the proceedings; and
- Discard paper blue sheets after scanning.
On behalf of the IESG,
Russ