[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Privacy comments on isp-expectations
Excellent - thanks Harald. I'll work something along these lines into
the next draft.
Tom.
On Tue, 01 Aug 2000, Harald Alvestrand wrote:
>repeating my comments in the WG:
>The document needs to write down a few guidelines about:
>- Privacy concerns
>- What should trigger an evidence-collecting pass
>
>These are interrelated.
>
>Example language, to be inserted in section 2 "guiding principles":
>
>- Respect the privacy rules and guidelines of your company and your country.
> In particular, make sure no information collected along with the evidence
> you are searching for is available to anyone who would not normally have
> access to this information.
> This includes access to log files (which may reveal patterns of user
> behaviour) as well as personal data files.
>
>- Do not invade people's privacy without being sure there's a need to.
> In particular, do not collect information from areas you do not normally
> have reason to access (such as personal filestores) unless you have
> indications that there is a real incident to be worried about.
>
>- Make sure you have the backing of your company's established procedures
> in taking the steps you do to collect evidence of an incident.
>
>Privacy laws are your friend.
>
> Harald
>
>--
>Harald Tveit Alvestrand, alvestrand@cisco.com
>+47 41 44 29 94
>Personal email: Harald@Alvestrand.no
>
--
Tom Killalea (206) 266-2196 Amazon.com
tomk@amazon.com