Yeah, I'd agree with that. Developing a website policy might be a component of that or a stop-gap, but more information about IETF participants is collected and stored electronically, so there should be a wider policy. Adrian > Does the IETF have a privacy policy overall? > > One of the things that I find frequently frustrating is that an entity will handle > sensitive data (and realise that the definition of that is *very* broad these days), > only to have a policy that's applicable to its Web site, which only covers a small > portion of the interactions that it's involved in. > > If we're going to go to the trouble of developing a privacy policy (and I think we > should, even as an "open" organisation), it would be worthwhile to include all > interactions, not just those that go through a Web browser.