Re: Proposed IETF Statement Concerning Personal Data for Review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 23, 2017 at 03:27:10PM -0800, IETF Administrative Director wrote:
> The IAOC would like community input on a proposed IETF Statement
> Concerning Personal Data. [snip]
>
> The proposed Privacy Policy is located here:
> https://iaoc.ietf.org/documents/Privacy-Statement-23Feb17.htm

1. The second paragraph (begins "The parties operate") includes
"(b) home address".  I think it would be better to use "mailing address"
to encompass everyone who uses a business address or other address.

2. Under "Exceptions -- Information That We Do Not Release to the Public",
I think two changes are needed.

	2a) Under "Non-Public Mailing Lists and direct mail to individuals
	at the Parties", I think it would be good to note that the Parties
	cannot control the disclosure of individual messages or entire
	archives of these.  The Parties can certainly request that members
	of those lists keep them private, and can certainly impose sanctions
	if it wishes on those who don't, but it can't stop that disclosure.
	Also worth noting is that security issues -- whether affecting an
	individual on one of those lists or the list mechanism/archive
	itself, could result in full disclosure of their entire contents.

	2b) I think it would be a good idea to stipulate that the Parties
	will not disclose mailing list membership records: email addresses,
	list memberships, date joined, date left, etc.  To put it less
	formally, the Parties won't out the lurkers.  While most of us
	don't have to be overly concerned about such disclosures, there
	are some people for whom it could have negative consequences.

3. Under "Security", I believe there's a typo: "guaranty" should be 
"guarantee".

4. Also under "Security", this phrase: "such release is required by
applicable law, regulation or judicial order" doesn't cover NSLs
or similar instruments, which are none of those.  At the risk of opening
an infinite can of worms, what is the policy w.r.t. NSLs et.al.?

---rsk




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]