Christian,
On 2012-04-25 08:57, Christian Huitema wrote:
> Brian,
>
>> I suggest that your standard dealings with local hosts should include
>> requiring them to perform a local check on
>> whether the standard "Note Well" takes account of all local legal
>> requirements, including for example
>> consent to publication of images. If it doesn't, the host should provide an
>> augmented "Note Well" for use
>> during meeting registration.
>
> Rather than going this route, we might consider some better balance between
> privacy and standard-settings. Taking and publishing a person's image is a
> step above listing their names. Do we really need that for the purpose of
> standard making, let alone Internet Engineering? How about answering the
> classic privacy checklist:

These are excellent questions, and I support them being studied (perhaps
initially by a small group), but I think they are orthogonal to my
suggestion. Since privacy laws vary widely, I really think this issue
needs to be checked on a per-host-country basis, regardless of our general
policy.

Brian

> 1) How much personal information do we collect, and for what purpose? The
> rule here should be to collect the strict minimum necessary for the purpose.
> Pictures don't appear to meet that bar.
> 2) How do we process that information? Who in the IETF has access to it?
> 3) Do we make that information available to third parties? Under which
> guidelines? Again, there is a big difference between answering a subpoena and
> publishing on a web page.
> 4) How do we safeguard that information? Is it available to any hacker who
> sneaks his way into our database?
> 5) How long do we keep the information? Why?
> 6) How do we dispose of the expired information?
>
> These look like the right questions to the IAOC.
>
> -- Christian Huitema