Yeah, I'd agree with that.
Developing a website policy might be a component of that or a stop-gap, but
more information about IETF participants is collected and stored
electronically, so there should be a wider policy.
Adrian
Does the IETF have a privacy policy overall?
One of the things that I find frequently frustrating is that an entity will
handle
sensitive data (and realise that the definition of that is *very* broad these
days),
only to have a policy that's applicable to its Web site, which only covers a
small
portion of the interactions that it's involved in.
If we're going to go to the trouble of developing a privacy policy (and I
think we
should, even as an "open" organisation), it would be worthwhile to include all
interactions, not just those that go through a Web browser.