ietf
[Top] [All Lists]

Re: Proposed IETF Websites’ Privacy Policy; Community Input Requested

2015-02-04 23:11:32
Does the IETF have a privacy policy overall?

One of the things that I find frequently frustrating is that an entity will 
handle sensitive data (and realise that the definition of that is *very* broad 
these days), only to have a policy that's applicable to its Web site, which 
only covers a small portion of the interactions that it's involved in.

If we're going to go to the trouble of developing a privacy policy (and I think 
we should, even as an "open" organisation), it would be worthwhile to include 
all interactions, not just those that go through a Web browser.

Cheers,


On 4 Feb 2015, at 2:52 am, IETF Administrative Director 
<iad(_at_)ietf(_dot_)org> wrote:

The IAOC would like community input on a proposed IETF websites’ Privacy 
Policy.

We are required by California law (and good net citizenship) to have an 
accurate 
privacy policy on our websites.  Counsel have reviewed this statement for 
compliance 
with US and EU privacy regulations.  

The policy discusses the following:
 a.  Information collected
 b.  What’s done with the information
 c.  Information accessible to the public
 d.  Cookies and other tracking technologies
 e.  Participant database
 f.  Security
 g.  Links
 h.  Discussion groups
 i.  Children
 j.  Compliance
 k.  Consent and changes to this policy

The proposed Privacy Policy is located here:
<https://iaoc.ietf.org/documents/IETF-Website-Privacy-Policy-16Jan15.pdf>

The IAOC will consider all comments received by 17 February 2015.

Thanks.

Scott Bradner
Chair
IAOC Legal Committee


--
Mark Nottingham   https://www.mnot.net/