Privacy comments on isp-expectations
- To: grip-wg@uu.net
- Subject: Privacy comments on isp-expectations
- From: Harald Alvestrand <Harald@Alvestrand.no>
- Date: Tue, 01 Aug 2000 14:53:53 -0400
- Comment: grip-wg mailing list add/drop requests to Majordomo@TransSys.COM

repeating my comments in the WG:

The document needs to write down a few guidelines about:

- Privacy concerns
- What should trigger an evidence-collecting pass

These are interrelated.

Example language, to be inserted in section 2 "guiding principles":

- Respect the privacy rules and guidelines of your company and your country.
  In particular, make sure no information collected along with the evidence
  you are searching for is available to anyone who would not normally have
  access to this information.
  This includes access to log files (which may reveal patterns of user
  behaviour) as well as personal data files.

- Do not invade people's privacy without being sure there's a need to.
  In particular, do not collect information from areas you do not normally
  have reason to access (such as personal filestores) unless you have
  indications that there is a real incident to be worried about.

- Make sure you have the backing of your company's established procedures
  in taking the steps you do to collect evidence of an incident.

Privacy laws are your friend.

Harald
--
Harald Tveit Alvestrand, alvestrand@cisco.com
+47 41 44 29 94
Personal email: Harald@Alvestrand.no