Ray, While you talk about non-public mailing lists and give some examples, I think you need to consider other interactions: - Direct mails to non-list IETF addresses - If I email nomcom-chair@xxxxxxxx or chair@xxxxxxxx etc. is my email private? Is that data retained within the IETF? If so, how is it held? - RFC 7776 requires some retention of data in a confidential way (although the ombudsteam still needs to document the details) - There is the usual stuff about contracts and commercial sensitivity. While that might not fit in "things you submit to the IETF" it is surely part of the data retention and confidentiality information - Registration requires or requests us to submit a number of things that are not part of the payment system and are (presumably) held on IETF servers. This includes addresses and phone numbers (that may be personal contact details), dietary preference (that may be an indication of religion), and information that may be an indication of gender or other personal characteristics (T-shirt size/type, gender) . Your draft text appears to say that this is public information: I do not think it should be. Thanks, Adrian > -----Original Message----- > From: IETF-Announce [mailto:ietf-announce-bounces@xxxxxxxx] On Behalf Of > IETF Administrative Director > Sent: 16 March 2016 17:03 > To: IETF Announcement List > Subject: Proposed IETF Privacy Policy for Review > > The IAOC would like community input on a proposed IETF Privacy Policy. > > We are required by California law (and good net citizenship) to have > an accurate privacy policy on our websites. Counsel have reviewed > this statement for compliance with US and EU privacy regulations. > > The policy discusses the following: > 1. General – Most Personal Data Submitted to IETF Will Become Public > 2. You Consent to International Transmission of Your Data > 3. Exceptions – Information That We Do Not Release to the Public > 4. Security > 5. Children > 6. Inquiries > 7. Compliance > 8. Other Organizations > 9. Consent > > The proposed Privacy Policy is located here: > http://iaoc.ietf.org/documents/IETF-General-Privacy-Statement-2016-02-24- > 02.htm > > The IAOC will consider all comments received by 31 March 2016. > > Ray Pelletier > IETF Administrative Director