[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
on Mon, Sep 02, 2002, andy wergedal (firstname.lastname@example.org) wrote:
> --- Peter Jay Salzman <email@example.com> wrote:
> > hola lugod,
> > someone mentioned to me that it would be good to have a "privacy
> > policy" at www.lugod.org. stuff like "we won't sell your email
> > address to a 10^23 addresses for 5 bucks" kind of thing.
> > my initial reaction is that we don't need one; if you can't trust a
> > LUG with personal info, who can you trust?
> > but i think the issue is important and warrants a discussion if
> > someone brings it up.
> > does anyone have an opinion on this issue one way or another?
I doubt we'll find anyone here with an opinion....
> Here is my .02
> prohibits the distribution of the membership information in any form.
...including in the form of email addresses as used on mailing lists or
in archives? LUGoD also maintains a membership page with brief bios,
active date, email address, and photograph. Meeting photos, with and
without identification, are also frequently posted. All of these could
be seen as disseminating personal (if not private) information. I've
certainly met people who might object, some quite strongly, to free
dissemination of such information.
I disagree strongly with your statement, Andy.
Posit: blanket prohibitions on distribution of membership information,
whether incidental or deliberate (e.g.: list of members...) is neither
feasible nor desirable.
I've seen several mailing lists over the past several years in which
individuals have sought, and in some cases achieved, sometimes through
legal actions, that information pertaining to them, including email
addresses, mailing list posts, and other materials, be removed. At
times at considerable cost/time/effort to the organization hosting
services (the Exim mailing list is one such example, though I can't
track down a reference, something similar happened on the SVLUG mailing
list). My own policy on any such list would seek to make sure that such
claims would have to be matched against an explicit prior approval,
payment of any associated costs, and a prophylactic banning of any users
who'd been known previously to have made such requests elsewhere.
> Each member (or participant) should seek out any and all publication
> of their own views and personal information. It is the organizations
> responsibility to protect the membership privacy.
This statement makes no sense to me, and makes a dangerous statement of
responsibility. It also omits an apostrophe.
> In other organizations the Server that contains the LUG information
> (website, membership pages, email lists and archived email) could be
> owned by a non-lug organization. This information could be subject to
> distribution based on the co-location and/or the hosting agreement.
This is true. Such arrangements can become dicey when the
> It is paramount that all organizations protect their membership and
Public participation in public forums posits tacit approval of
dissemination of both incidental and direct information.
The organization should act in good faith, and in both its members and
its own self interest. It shouldn't abuse its members trust, but it
shouldn't promise, or be expected to provide, privacy protections which
are beyond its ability.
My suggested framework:
- The LUG does collect certain information incidental to operation of
certain features, including (but not limited to) mailing lists,
meeting announcements, minutes, schedules, and news items. This
information is largely limited to name, email, and photos.
Provision of this information is voluntary, but may be necessary to
participate in certain LUG functions. Participation indicates
agreement to publicly disclose such information.
- The LUG will not traffic directly in [commercial exchange of]
personal information: it will not sell membership information,
mailing list subscribers, or other information of similar nature.
There might be an exclusion for exchange with other LUGs or
FS-related organizations such as LI, or there might be an explicit
statement that this won't happen either.
- The LUG provides an opportunity for members to _voluntarially_
disclose information on a membership roster, including name, email
address, active date(s), URL references, and a photo. Provision
of this information is wholly voluntary and is given as a service
to members who wish to utilize it.
- The LUG is an open organization. Unless specifically noted
otherwise, its activities, postings, publications, and rosters are
public knowledge. Participation in activities implies consent to
written or visual recording of these events. It might be useful to
get a disclosure for publishing identifying photographs online...or
this might be overkill.
- The LUG maintains public archives of its website, mailing lists,
and other organs, generally available online. These archives
themselves may be duplicated or archived elsewhere by well known or
private parties (e.g.: Google, your friendly neighborhood hacker,
the Wayback Machine).
- Any request to remove information from website, archives, mailing
lists, etc., will be treated as an extraordinary request. It will
be subject to an hourly charge for the work involved, at a rate of
$XX/hr, with a minimum of XX hours billable, to recover costs and
expense. [For the purposes of the group, this work might be
contracted out rather than treated as revenue directly].
IANAL (but I play one on the 'Net), TINLA.
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Support the EFF, they support you: http://www.eff.org/
Description: PGP signature