Hi, the law in question "applies to
operators of commercial web sites and online services that collect personally
identifiable
information about Californians." [1] Like any responsible online commercial
entity, the IETF likely has legal counsel that tries to aggregate all of these
kinds of legal requirements into a global view of what needs to be
affirmatively stated in a privacy policy...
[1]: https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf
--Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 Eye St., NW
Washington, DC 20006
+1 202-407-8825
https://josephhall.org/
On Tue, Feb 3, 2015 at 12:08 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
We are required by California law ...
Why does California law apply to the IETF? To the extent that the IETF
has a legal existence, it is my understanding that ISOC and CNRI, the
grantors of the IETF trust, live in Virginia. AMS is in California
but AMS is a contractor.
R's,
John
PS: I'm not opposed to a reasonable privacy policy, but I am opposed
to legal creep. The next thing you know all the mail will have
footers purporting to be confidential.