Does the IETF have a privacy policy overall?
One of the things that I find frequently frustrating is that an entity will
handle sensitive data (and realise that the definition of that is *very* broad
these days), only to have a policy that's applicable to its Web site, which
only covers a small portion of the interactions that it's involved in.
If we're going to go to the trouble of developing a privacy policy (and I think
we should, even as an "open" organisation), it would be worthwhile to include
all interactions, not just those that go through a Web browser.
Cheers,
On 4 Feb 2015, at 2:52 am, IETF Administrative Director
<iad(_at_)ietf(_dot_)org> wrote:
The IAOC would like community input on a proposed IETF websites’ Privacy
Policy.
We are required by California law (and good net citizenship) to have an
accurate
privacy policy on our websites. Counsel have reviewed this statement for
compliance
with US and EU privacy regulations.
The policy discusses the following:
a. Information collected
b. What’s done with the information
c. Information accessible to the public
d. Cookies and other tracking technologies
e. Participant database
f. Security
g. Links
h. Discussion groups
i. Children
j. Compliance
k. Consent and changes to this policy
The proposed Privacy Policy is located here:
<https://iaoc.ietf.org/documents/IETF-Website-Privacy-Policy-16Jan15.pdf>
The IAOC will consider all comments received by 17 February 2015.
Thanks.
Scott Bradner
Chair
IAOC Legal Committee
--
Mark Nottingham https://www.mnot.net/