[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Privacy comments on isp-expectations



Excellent - thanks Harald.  I'll work something along these lines into
the next draft.

Tom.

On Tue, 01 Aug 2000, Harald Alvestrand wrote:

>repeating my comments in the WG:
>The document needs to write down a few guidelines about:
>- Privacy concerns
>- What should trigger an evidence-collecting pass
>
>These are interrelated.
>
>Example language, to be inserted in section 2 "guiding principles":
>
>- Respect the privacy rules and guidelines of your company and your country.
>   In particular, make sure no information collected along with the evidence
>   you are searching for is available to anyone who would not normally have
>   access to this information.
>   This includes access to log files (which may reveal patterns of user
>   behaviour) as well as personal data files.
>
>- Do not invade people's privacy without being sure there's a need to.
>   In particular, do not collect information from areas you do not normally
>   have reason to access (such as personal filestores) unless you have
>   indications that there is a real incident to be worried about.
>
>- Make sure you have the backing of your company's established procedures
>   in taking the steps you do to collect evidence of an incident.
>
>Privacy laws are your friend.
>
>               Harald
>
>--
>Harald Tveit Alvestrand, alvestrand@cisco.com
>+47 41 44 29 94
>Personal email: Harald@Alvestrand.no
>

-- 
Tom Killalea   (206)  266-2196    Amazon.com
               tomk@amazon.com