Difference between revisions of "User:SuperHamster/Data Policy"
Revisions compared: SuperHamster (Starting draft of data policy) and OhanaUnited (→Name collection: +); 5 intermediate revisions by one other user not shown.
Latest revision as of 22:17, 11 October 2024
This is a drafting space for a WCNA policy on data handling and privacy. Feel free to contribute.
Data collection
On any interface where users are providing answers, it must be made clear whether the answers will be available publicly or restricted to organizers.
Name collection
When requesting names, clearly differentiate between the collection of legal names and preferred names to align with participants’ privacy expectations:
- Legal names: Collect legal names only when strictly necessary (e.g., for identity verification, security, regulatory compliance or scholarship travel reservation). Access to legal names should be restricted to essential organizers and solely for purposes related to event organization and safety protocols. Legal names must remain confidential.
- Preferred names: When legal names are not required, allow participants to provide a preferred name (which can be their real name, a username, a pseudonym, etc.).
For each name collected, indicate whether it will remain private (visible only to organizers) or public (visible to a broader audience).
- Private names: If a collected name is designated as "private," it will be accessible only to authorized organizers and used solely for internal purposes (e.g., participant verification). Legal names will always be considered private.
- Public names: If a name is collected for use in public materials (such as badges), clearly inform participants that this information will be visible to other attendees and event staff. Participants should have the option to use a preferred name or pseudonym in public-facing contexts.
Data access
We should practice the principle of least privilege. Access to any sort of private data should only be granted to individuals as needed for operational reasons. As soon as an individual no longer needs access to data for operational reasons, their access should be revoked.
Extra care should be taken that documents with private data have the most restrictive access possible. Physical documents (e.g. a paper check-in list) should always be kept under organizer control and not be visible to the public (e.g. kept in a folder when not being directly interacted with).
Data retention
Private data should only be retained for as long as it is needed for operational reasons. When data is no longer needed, it should be permanently deleted. Data can be anonymized as needed (for example, for statistics on conference attendance).
Communications
Emails
Email addresses are considered private data, and access to attendee email addresses should be limited to organizers who require them for essential operational purposes. To minimize direct access to emails, the use of tools like mailing lists is encouraged, enabling efficient communication while reducing the number of organizers who have direct access to attendee email addresses.
When communicating with event participants (such as attendees, volunteers, and scholarship recipients), all emails should be sent in a manner that conceals individual email addresses. This can be achieved by using solutions like mailing lists or by placing recipients in the BCC field, rather than CC.
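The following is an added example, not part of the policy draft, showing the difference this paragraph is getting at in terms of what actually goes over the wire. It uses only the Python standard library. The addresses and the organizer list name are constructed for the example. The safe version keeps the individual recipients out of the message entirely and hands them to the mail transport as envelope recipients (what smtplib.SMTP.sendmail takes as its to_addrs argument); the leaky version puts them in a Bcc header and then serialises the message, which is a common mistake when the serialised bytes are passed to sendmail rather than to smtplib.SMTP.send_message (send_message strips Bcc before transmission; sendmail sends whatever bytes it is given).

```python
from email.message import EmailMessage

# Constructed sample data for the example; none of these are real addresses.
ORGANIZER_LIST = "organizers@example.org"
ATTENDEES = ["alice@example.net", "bob@example.com", "carol@example.edu"]


def build_broadcast(sender, visible_to, recipients, subject, body):
    """Build an announcement whose real recipients never appear in the headers.

    Only the sender and one shared, visible address (e.g. the organizers'
    mailing list) appear in the message. The attendee addresses are returned
    separately as the envelope recipients, which is what
    smtplib.SMTP.sendmail(from_addr, to_addrs, msg) expects in to_addrs.
    Returns (message_bytes, envelope_recipients).
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = visible_to
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_bytes(), list(recipients)


def build_broadcast_leaky(sender, visible_to, recipients, subject, body):
    """The common mistake: attendees go into a Bcc: header, then the message is serialised.

    as_bytes()/as_string() keep the Bcc header. If these bytes are passed to
    smtplib.SMTP.sendmail(), every recipient receives the full list.
    Returns (message_bytes, envelope_recipients) for comparison with the safe version.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = visible_to
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_bytes(), list(recipients)


def leaked_recipients(message_bytes, recipients):
    """Return the recipient addresses that appear anywhere in the bytes that would be transmitted."""
    text = message_bytes.decode("utf-8", errors="replace").lower()
    return [r for r in recipients if r.lower() in text]


if __name__ == "__main__":
    args = ("wcna@example.org", ORGANIZER_LIST, ATTENDEES, "Reminder", "See you at the event.")
    safe_bytes, envelope = build_broadcast(*args)
    leaky_bytes, _ = build_broadcast_leaky(*args)
    print("safe message leaks:", leaked_recipients(safe_bytes, ATTENDEES))
    print("leaky message leaks:", leaked_recipients(leaky_bytes, ATTENDEES))
    print("envelope recipients (never in the headers):", envelope)
```

A pre-send check like leaked_recipients is cheap insurance for any script or tool that sends announcements to participants: if an attendee address shows up in the serialised message, the message is about to disclose that address to everyone else on the list.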
Several common online document sharing tools (such as Google Drive) allow you to share an item by email address, but then let every recipient see the names and email addresses of everyone else the item has been shared with. Take this into account when deciding how to share a document, for example by sharing with an organizer group or mailing list rather than with individual attendee addresses.