Privacy comments on isp-expectations



Repeating my comments in the WG:
The document needs to write down a few guidelines about:
- Privacy concerns
- What should trigger an evidence-collecting pass

These are interrelated.

Example language, to be inserted in section 2 "guiding principles":

- Respect the privacy rules and guidelines of your company and your country.
   In particular, make sure no information collected along with the evidence
   you are searching for is available to anyone who would not normally have
   access to this information.
   This includes access to log files (which may reveal patterns of user
   behaviour) as well as personal data files.

- Do not invade people's privacy without being sure there's a need to.
   In particular, do not collect information from areas you do not normally
   have reason to access (such as personal filestores) unless you have
   indications that there is a real incident to be worried about.

- Make sure you have the backing of your company's established procedures
   in taking the steps you do to collect evidence of an incident.

Privacy laws are your friend.

               Harald

--
Harald Tveit Alvestrand, alvestrand@cisco.com
+47 41 44 29 94
Personal email: Harald@Alvestrand.no