Does the IETF have a privacy policy overall? One of the things that I find frequently frustrating is that an entity will handle sensitive data (and realise that the definition of that is *very* broad these days), only to have a policy that's applicable to its Web site, which only covers a small portion of the interactions that it's involved in. If we're going to go to the trouble of developing a privacy policy (and I think we should, even as an "open" organisation), it would be worthwhile to include all interactions, not just those that go through a Web browser. Cheers, > On 4 Feb 2015, at 2:52 am, IETF Administrative Director <iad@xxxxxxxx> wrote: > > The IAOC would like community input on a proposed IETF websites’ Privacy Policy. > > We are required by California law (and good net citizenship) to have an accurate > privacy policy on our websites. Counsel have reviewed this statement for compliance > with US and EU privacy regulations. > > The policy discusses the following: > a. Information collected > b. What’s done with the information > c. Information accessible to the public > d. Cookies and other tracking technologies > e. Participant database > f. Security > g. Links > h. Discussion groups > i. Children > j. Compliance > k. Consent and changes to this policy > > The proposed Privacy Policy is located here: > <https://iaoc.ietf.org/documents/IETF-Website-Privacy-Policy-16Jan15.pdf> > > The IAOC will consider all comments received by 17 February 2015. > > Thanks. > > Scott Bradner > Chair > IAOC Legal Committee > -- Mark Nottingham https://www.mnot.net/