Ray,
While you talk about non-public mailing lists and give some examples, I think
you need to consider other interactions:
- Direct mails to non-list IETF addresses
- If I email nomcom-chair(_at_)ietf(_dot_)org or chair(_at_)ietf(_dot_)org
etc. is my email private?
Is that data retained within the IETF? If so, how is it held?
- RFC 7776 requires some retention of data in a confidential way (although
the ombudsteam still needs to document the details)
- There is the usual stuff about contracts and commercial sensitivity. While
that
might not fit in "things you submit to the IETF" it is surely part of the
data
retention and confidentiality information
- Registration requires or requests us to submit a number of things that are not
part of the payment system and are (presumably) held on IETF servers. This
includes addresses and phone numbers (that may be personal contact
details), dietary preference (that may be an indication of religion), and
information that may be an indication of gender or other personal
characteristics
(T-shirt size/type, gender) . Your draft text appears to say that this is
public
information: I do not think it should be.
Thanks,
Adrian
-----Original Message-----
From: IETF-Announce [mailto:ietf-announce-bounces(_at_)ietf(_dot_)org] On
Behalf Of
IETF Administrative Director
Sent: 16 March 2016 17:03
To: IETF Announcement List
Subject: Proposed IETF Privacy Policy for Review
The IAOC would like community input on a proposed IETF Privacy Policy.
We are required by California law (and good net citizenship) to have
an accurate privacy policy on our websites. Counsel have reviewed
this statement for compliance with US and EU privacy regulations.
The policy discusses the following:
1. General – Most Personal Data Submitted to IETF Will Become Public
2. You Consent to International Transmission of Your Data
3. Exceptions – Information That We Do Not Release to the Public
4. Security
5. Children
6. Inquiries
7. Compliance
8. Other Organizations
9. Consent
The proposed Privacy Policy is located here:
http://iaoc.ietf.org/documents/IETF-General-Privacy-Statement-2016-02-24-
02.htm
The IAOC will consider all comments received by 31 March 2016.
Ray Pelletier
IETF Administrative Director