Re: Proposed IETF Privacy Policy for Review
S Moonesamy <sm+ietf@elandsys.com> Fri, 18 March 2016 10:33 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8592612D847 for <ietf@ietfa.amsl.com>; Fri, 18 Mar 2016 03:33:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.092
X-Spam-Level:
X-Spam-Status: No, score=-0.092 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=opendkim.org header.b=bmDx71aL; dkim=pass (1024-bit key) header.d=elandsys.com header.b=M++Tno/2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S98VAUrG2h65 for <ietf@ietfa.amsl.com>; Fri, 18 Mar 2016 03:33:05 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id A73B412D83F for <ietf@ietf.org>; Fri, 18 Mar 2016 03:33:05 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.226.211.148]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id u2IAWraO005884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf@ietf.org>; Fri, 18 Mar 2016 03:33:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1458297184; x=1458383584; bh=ITdCoKj/7Fkg+u64xFYhEeJCOQgHiI7Pb6nY13Va6I0=; h=Date:To:From:Subject:In-Reply-To:References; b=bmDx71aLfNYdYGN0gGct4orWxzbpSQxcOKcW9M5Gk1v5XDpZ7slTQ73q5LRmzJqos nBdrmJo9tnf9pG3ooviJjyzYD2/9rTym66ENpHaC/M94TLOnc5Lm0z/xRbovCSOXyl 9yetaTwjhrLM5znZFx1NO7uS9kwicMaEGlQR/N8c=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1458297184; x=1458383584; i=@elandsys.com; bh=ITdCoKj/7Fkg+u64xFYhEeJCOQgHiI7Pb6nY13Va6I0=; h=Date:To:From:Subject:In-Reply-To:References; b=M++Tno/2Aca2wqsCvuVAVkiR1iZbM/sKXh8kEpXiWnztBM2Xj8H1TFonfbrXIsewC Rk+ENfSCieWO/e7J/WUyChdlnWScoPTdxnJMvbwIO/U7DAlQ1q9R0BEMzldYbIggot SxE7KzT9NsZOeB/nnl2iDwn9NN9Xedg/lE0ozqUc=
Message-Id: <6.2.5.6.2.20160318005648.0e552fc8@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Fri, 18 Mar 2016 03:28:16 -0700
To: ietf@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Subject: Re: Proposed IETF Privacy Policy for Review
In-Reply-To: <20160316170239.30920.41218.idtracker@ietfa.amsl.com>
References: <20160316170239.30920.41218.idtracker@ietfa.amsl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/1jpNr6Fl0pcsU2e4jfxtp5s-4rQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Mar 2016 10:33:08 -0000
Hello, At 10:02 16-03-2016, IETF Administrative Director wrote: >The IAOC would like community input on a proposed IETF Privacy Policy. The above says "Privacy Policy" whereas the "IETF Draft 24 Feb. 2016" says "Statement Concerning Personal Data". According to www.ietf.org the "Internet Engineering Task Force (IETF) is an organized activity of the Internet Society". Who is the operator of www.ietf.org? I'll use "personal data" to refer to "personally identifiable information" as it might be easier to understand. The following is considered as personal data: (a) first and last name (b) home address (c) e-mail address (d) Any other identifier that permits the physical or online contacting of a specific individual IETF online participation requires (a) and (c) [1]. IETF attendance requires more personal data, e.g. payment information. There is also the audio and video recordings. According to the Attorney General, California Department of Justice, the United States "Federal Trade Commission (FTC) has called for improved data practice transparency, encouraging privacy policy statements that are 'clearer, shorter, and more standardized to enable better comprehension and comparison of privacy practices'. I suggest having a subdivision so that the participant can easily find which personal data he/she has to provide. There would be a separate division for an attendee as other personal data may be required. A third division would be for the (web) visitor. There isn't any information in the draft about data use and sharing. The draft mentions that it is possible "to request information regarding our disclosure of your Personal Data to third parties for direct marketing purposes". I suggest explicitly asking for consent before sharing personal data with third parties. "We believe that we have implemented commercially reasonable precautions to prevent the unauthorized use, disclosure and alteration of Non-Public Information. However, no data security measures can guarantee complete data security, and IETF does not guaranty the confidentiality of anything that you submit to IETF." Does that mean that the IETF will not notify a person affected by a data breach? What is the difference between "commercially reasonable precautions" and "reasonable precautions"? This draft is better than the draft which was posted in February 2015. Regards, S. Moonesamy 1. I skipped the exceptions.
- Re: [IAB] Proposed IETF Privacy Policy for Review Eggert, Lars
- Re: Proposed IETF Privacy Policy for Review Martin Vigoureux
- Re: Proposed IETF Privacy Policy for Review JORDI PALET MARTINEZ
- Re: Proposed IETF Privacy Policy for Review Scott Bradner
- Re: Proposed IETF Privacy Policy for Review JORDI PALET MARTINEZ
- Re: Proposed IETF Privacy Policy for Review John Levine
- Re: Proposed IETF Privacy Policy for Review Scott O. Bradner
- RE: Proposed IETF Privacy Policy for Review Adrian Farrel
- Re: Proposed IETF Privacy Policy for Review Adam Roach
- Re: Proposed IETF Privacy Policy for Review Scott O. Bradner
- Re: Proposed IETF Privacy Policy for Review Scott O. Bradner
- Re: [IAOC] [IAB] Proposed IETF Privacy Policy for… Scott O. Bradner
- Re: [IAOC] [IAB] Proposed IETF Privacy Policy for… Scott O. Bradner
- Re: [IAOC] [IAB] Proposed IETF Privacy Policy for… Eggert, Lars
- Re: Proposed IETF Privacy Policy for Review Stephen Farrell
- Re: Proposed IETF Privacy Policy for Review Stephane Bortzmeyer
- Re: [IAB] Proposed IETF Privacy Policy for Review Paul Wouters
- Re: [IAB] Proposed IETF Privacy Policy for Review Scott Bradner
- Re: [IAB] Proposed IETF Privacy Policy for Review Paul Wouters
- Re: [IAOC] [IAB] Proposed IETF Privacy Policy for… Scott Bradner
- Re: [IAOC] [IAB] Proposed IETF Privacy Policy for… Scott Bradner
- Re: [IAOC] [IAB] Proposed IETF Privacy Policy for… Paul Wouters
- Proposed IETF Privacy Policy for Review IETF Administrative Director
- Re: [IAB] Proposed IETF Privacy Policy for Review John Levine
- Re: Proposed IETF Privacy Policy for Review Adam Roach
- Re: Proposed IETF Privacy Policy for Review S Moonesamy
- Re: Proposed IETF Privacy Policy for Review S Moonesamy
- Re: Proposed IETF Privacy Policy for Review Scott O. Bradner
- RE: Proposed IETF Privacy Policy for Review Adrian Farrel
- Re: Proposed IETF Privacy Policy for Review Tobias Gondrom
- Re: Proposed IETF Privacy Policy for Review Alissa Cooper
- Re: Proposed IETF Privacy Policy for Review S Moonesamy
- Re: Proposed IETF Privacy Policy for Review Scott O. Bradner
- Re: Proposed IETF Privacy Policy for Review S Moonesamy
- Re: Proposed IETF Privacy Policy for Review S Moonesamy
- Re: Proposed IETF Privacy Policy for Review Dave Crocker
- Re: [IAOC] Proposed IETF Privacy Policy for Review Scott O. Bradner
- Re: Proposed IETF Privacy Policy for Review Doug Royer