ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Proposed IETF Privacy Policy for Review

2016-03-16 13:02:55
from [Adrian Farrel] [Permanent Link] 
Ray,

While you talk about non-public mailing lists and give some examples, I think 
you need to consider other interactions:
- Direct mails to non-list IETF addresses
   - If I email nomcom-chair(_at_)ietf(_dot_)org or chair(_at_)ietf(_dot_)org 
etc. is my email private?
     Is that data retained within the IETF? If so, how is it held?
- RFC 7776 requires some retention of data in a confidential way (although
   the ombudsteam still needs to document the details)
- There is the usual stuff about contracts and commercial sensitivity. While 
that
   might not fit in "things you submit to the IETF" it is surely part of the 
data 
   retention and confidentiality information
- Registration requires or requests us to submit a number of things that are not
   part of the payment system and are (presumably) held on IETF servers. This 
   includes addresses and phone numbers (that may be personal contact
   details), dietary preference (that may be an indication of religion), and 
  information that may be an indication of gender or other personal 
characteristics
  (T-shirt size/type, gender) . Your draft text appears to say that this is 
public
  information: I do not think it should be.

Thanks,
Adrian


-----Original Message-----
From: IETF-Announce [mailto:ietf-announce-bounces(_at_)ietf(_dot_)org] On 
Behalf Of
IETF Administrative Director
Sent: 16 March 2016 17:03
To: IETF Announcement List
Subject: Proposed IETF Privacy Policy for Review

The IAOC would like community input on a proposed IETF Privacy Policy.

We are required by California law (and good net citizenship) to have
an accurate privacy policy on our websites.  Counsel have reviewed
this statement for compliance with US and EU privacy regulations.

The policy discusses the following:
  1.  General – Most Personal Data Submitted to IETF Will Become Public
  2.  You Consent to International Transmission of Your Data
  3.  Exceptions – Information That We Do Not Release to the Public
  4.  Security
  5.  Children
  6.  Inquiries
  7.  Compliance
  8.  Other Organizations
  9.  Consent

The proposed Privacy Policy is located here:
http://iaoc.ietf.org/documents/IETF-General-Privacy-Statement-2016-02-24-
02.htm

The IAOC will consider all comments received by 31 March 2016.

Ray Pelletier
IETF Administrative Director
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Proposed IETF Privacy Policy for Review, Scott O. Bradner
Next by Date:  Re: ietf.org unaccessible for Tor users, Rich Kulawiec
Previous by Thread:  Re: Proposed IETF Privacy Policy for Review, Stephane Bortzmeyer
Next by Thread:  Re: Proposed IETF Privacy Policy for Review, Adam Roach
Indexes:  [Date] [Thread] [Top] [All Lists]