Re: Retention of blue sheets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Picking up this thread...

On Jul 30, 2009, at 12:54 PM, Marshall Eubanks wrote:

THe Trust has a documents retention policy (the current one is at

http://trustee.ietf.org/docs/IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf )

Here is some background. I am only talking about physical material, not electronic records.

The records retention policy is a good start, although it's obviously not a complete privacy policy. Does the policy only apply to paper records? It was not clear if your statement above was in reference to the policy itself.

In any event, it seems sensible for the policy (or a separate policy) to address other privacy aspects besides records retention (e.g., onward data transfer, security, notice, etc.) and to cover both physical records and electronic records. ISOC has such a policy (http://www.isoc.org/help/privacy/ ) -- if it doesn't already apply to the data collected by the Trust, then the Trust (or whoever manages the data collected in connection with IETF activities) should have its own policy.

I'm happy to help craft a policy if there's a means to put one in place (and if one doesn't already exist).

Alissa



Most of the physical material held by the IETF Trust was turned over by CNRI as part of the the Settlement that set up the Trust. I volunteered to evaluate this material, and went with the IAD one cold day to look at several pallets worth of material (much of which was CNRI material not belonging to the Trust, such records of other conferences run by Foretec, and all of which was gone through).

This IETF material totaled 64 boxes, including Blue Sheets (starting with IETF 22 in 1991) and a mass of registration payment material (starting with IETF 26 in 1993). Some of this material was obviously highly sensitive (random samplings showed canceled checks, credit card imprints, passport photo page copies, US Social Security Numbers, addresses, phone numbers, etc.). While I do know how this material was treated previously, while in the Trust's possession it was always held in a secure storage facility.

There were various discussions by the Trustees with counsel about how to handle this material, what should be kept, and for what periods. Agreements with Credit Card companies mean that credit card material has to kept for a relatively short period of time (18 months), in case the bill is disputed, and it was decided to adopt that period for canceled checks and other sensitive personal information.

The result is the above Document Retention Policy, and the IAD and I duly went to the storage facility once this was enacted and the sensitive material in the Trust's possession was destroyed. New material is held by the Secretariat and is generally destroyed by the Secretariat before it goes into the Trust archives. Other material is held as called for in the Document retention policy.

I hope that you find this background useful.

Regards
Marshall

Alissa

On Jul 30, 2009, at 5:32 PM, David Morris wrote:



On Thu, 30 Jul 2009, Alissa Cooper wrote:

The discussion about blue sheets begs the question: does the IETF (or the Trust) have a privacy policy? I did a quick look for one but I didn't see one posted anywhere. If there's a legal entity collecting personal information (which there obviously is), it should have a privacy policy.

It is a stretch, which my imagination can't fathom, to consider a list of attendees in a public meeting to be personal information. Give the ease with which one can avoid having one's name recorded, I don't see any issue except the administrative support issues related to storing old paper.
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf










_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf












_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]