[HCoop-Discuss] Draft data confidentiality policies

[Steve Taylor]

Nathan Kennedy <ntk at hcoop.net> writes:

> I am making a wiki page at http://wiki2.hcoop.net/DraftPrivacyPolicy to
> hold these policies, as there were a number of errors in my drafts that
> I hammered out and no doubt they will change more as time goes by; and
> to provide another place to organize commentary.

Wiki page is a good idea. Why not a /Discussion sub-page as well as
pages like FisaExplained and more, for the content of the e-mails
you've sent on this


[My suggested inserts (2) and comments are []-enclosed]

Draft policies.

== Anti-FISA ==
...
== Privacy ==
...
Whereas, members and staff of the corporation need notice of what privacy
expectations will [be] respected and what actions are permissible by staff,
therefore, be it

Resolved, that the following be enacted as an official policy of HCoop,
Inc.:

1. Members are responsible for setting appropriate permissions to restrict access to their stored data.

[[As it reads this forces the coop's access choices upon each member and
his/her private stored data. That doesn't seem right. Perhaps the
following sections explain or qualify it.]]
...
[ What does the phrase "presumption may not be rebutted" in no. 5 mean?]
...
...
9. System administrators and other authorized agents of the corporation may
access confidential data to [the] extent necessary to maintain the
system.  ...
...

[I got no further than 9. Lots to discuss, but the legalese necessary
somehow forces you to conform to their standards. How many members
will actually read it? Your earlier introduction was useful. Can you
summarize without legalese, the risks that FISA presents, how HCoop
should respond, how each member should respond? Can you give your
recommendation a) that HCoop and, b) members use these policies to protect
themselves? ]

--