I think we all agree that having a privacy policy would be desirable, in the sense that we are in favor of good, and opposed to evil. But I don't know what it means to implement a privacy policy, and I don't think anyone else does either. A privacy policy is basically a set of assertions about what the IETF will do with your personal information. To invent a strawman, let's say that the privacy policy says that registration information will be kept in confidence, and some newly hired clerk who's a little unclear on the concept gives a list of registrants' e-mail addresses to a conference sponsor so they can e-mail everyone an offer for a free IETF tee shirt. Then what happens? Is a privacy policy a contract, and if it is, what remedies do IETF participants have for non-performance? And if it's not, and there aren't remedies, what's the point? R's, John _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf