On 7/7/2010 8:53 AM, Dave CROCKER wrote: > > > On 7/7/2010 8:46 AM, Marshall Eubanks wrote: >> Having a privacy policy in place does two primary things IMO. It >> helps to >> inform and set policy and it gives others a metric to evaluate >> performance >> and a tool to improve performance. >> >> It also may have the useful effect of finding holes or >> inconsistencies in >> what we are doing, as it is reviewed and revised as technology and >> conditions >> change. > > > On its face, this line of thinking might appear to justify something > that is > explicitly toothless and, by implication, useless. > > In fact, there's plenty of precedence in the world for having formal > clarity > about a policy but without realistic enforcement power. > > A common example is non-disclosure agreements. Although they usually > contain > language that sounds like there is serious recourse, in practice there > isn't. Typical misrepresentation by an IPR group member... If you want to know about NDA's and their damage capabilities ask the folks at Rockwell who paid 65M in damages over the NDA used to convey the IP under the K56 Flex modem to them. > Rather, the document serves as an explicit statement of concerns and an > acknowledgement by the signers that the concerns are understood. > > Frequently, just having the issues stated clearly and brought to a > participant's > attention is enough to get improved behavior. Unenforceable policy based on the doctrine of impossibility are worthless. Having one creates a liability because it was "designed to be unenforceable" and as such the intent is clear. Todd > > d/ > _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf