Difference between revisions of "User:SuperHamster/Data Policy"

From WikiConference North America
Edit summary: (+note)

(4 intermediate revisions by one other user not shown)

Changes between the two compared revisions (older revision on the left of the original side-by-side diff, latest revision on the right):

Line 3:

  • Headings and bullet markers: whitespace-only changes. "== Data collection ==" became "==Data collection==", "=== Name collection ===" became "===Name collection===", and "* '''Legal names:'''" became "*'''Legal names:'''"; the same spacing change was applied to the "==Data access==" and "==Data retention==" headings and to the Preferred names, Private names and Public names bullets.
  • Legal names bullet: the list of justifications changed from "(e.g., for identity verification, security, or regulatory compliance)" to "(e.g., for identity verification, security, regulatory compliance or scholarship travel reservation)". The rest of the bullet is unchanged.

Line 15 (older revision) / Line 16 (latest revision):

  • Data access, second paragraph: the sentence 'Shared documents with private data should only be shared with individuals and not made to be viewable by "anyone with a link".' was removed; the sentences before and after it are unchanged.
  • A new section "==Communications==" with the subsection "===Emails===" (three paragraphs on handling attendee email addresses and on document-sharing tools) was appended after the Data retention section. Its full text appears in the latest revision below.

Latest revision as of 22:17, 11 October 2024

This is a drafting space for a WCNA policy on data handling and privacy. Feel free to contribute.

Data collection

On any interface where users are providing answers, it must be made clear whether the answers will be available publicly or restricted to organizers.

Name collection

When requesting names, clearly differentiate between the collection of legal names and preferred names to align with participants’ privacy expectations:

  • Legal names: Collect legal names only when strictly necessary (e.g., for identity verification, security, regulatory compliance or scholarship travel reservation). Access to legal names should be restricted to essential organizers and solely for purposes related to event organization and safety protocols. Legal names must remain confidential.
  • Preferred names: When legal names are not required, allow participants to provide a preferred name (which can be their real name, a username, a pseudonym, etc.).

For each name collected, indicate whether it will remain private (visible only to organizers) or public (visible to a broader audience).

  • Private names: If a collected name is designated as "private," it will be accessible only to authorized organizers and used solely for internal purposes (e.g., participant verification). Legal names will always be considered private.
  • Public names: If a name is collected for use in public materials (such as badges), clearly inform participants that this information will be visible to other attendees and event staff. Participants should have the option to use a preferred name or pseudonym in public-facing contexts.

Data access

We should practice the principle of least privilege. Access to any sort of private data should only be granted to individuals as needed for operational reasons. As soon as an individual no longer needs access to data for operational reasons, their access should be revoked.

Extra care should be taken that documents with private data have the most restrictive access possible. Physical documents (e.g. a physical check-in list) should always be kept under organizer control and not be visible to the public (e.g. kept in a folder when not being directly interacted with).

Data retention

Private data should only be retained for however long is needed for operational reasons. When data is no longer needed, it should be permanently deleted. Data can be anonymized as needed (for example, for statistics of conference attendance).

Communications

Emails

Email addresses are considered private data, and access to attendee email addresses should be limited to organizers who require them for essential operational purposes. To minimize direct access to emails, the use of tools like mailing lists is encouraged, enabling efficient communication while reducing the number of organizers who have direct access to attendee email addresses.

When communicating with event participants (such as attendees, volunteers, and scholarship recipients), all emails should be sent in a manner that conceals individual email addresses. This can be achieved by using solutions like mailing lists or by placing recipients in the BCC field, rather than CC.

Several common online document sharing tools (such as Google Drive) allow you to share an item by email address, but allow all recipients to see the names and emails of everyone else the document has been shared with. This should be taken into consideration when deciding how to share a document.