User:SuperHamster/Data Policy
- This is a drafting space for a WCNA policy on data handling and privacy. Feel free to contribute.
Data collection
On any interface where users are providing answers, it must be made clear whether the answers will be available publicly or restricted to organizers.
Name collection
When requesting names, clearly differentiate between the collection of legal names and preferred names to align with participants’ privacy expectations:
- Legal names: Collect legal names only when strictly necessary (e.g., for identity verification, security, or regulatory compliance). Access to legal names should be restricted to essential organizers and solely for purposes related to event organization and safety protocols. Legal names must remain confidential.
- Preferred names: When legal names are not required, allow participants to provide a preferred name (which can be their real name, a username, a pseudonym, etc.).
For each name collected, indicate whether it will remain private (visible only to organizers) or public (visible to a broader audience).
- Private names: If a collected name is designated as "private," it will be accessible only to authorized organizers and used solely for internal purposes (e.g., participant verification). Legal names will always be considered private.
- Public names: If a name is collected for use in public materials (such as badges), clearly inform participants that this information will be visible to other attendees and event staff. Participants should have the option to use a preferred name or pseudonym in public-facing contexts.
Data access
We should practice the principle of least privilege. Access to any sort of private data should only be granted to individuals as-needed for operational reasons. As soon as an individual no longer needs access to data for operational reasons, their access should be revoked.
Extra care should be taken that documents with private data have the most restrictive access possible. Shared documents with private data should only be shared with specific individuals and never made viewable by "anyone with a link". Physical documents (e.g. a physical check-in list) should always be kept under organizer control and not be visible to the public (e.g. kept in a folder when not being directly interacted with).
Data retention
Private data should only be retained for as long as it is needed for operational reasons. When data is no longer needed, it should be permanently deleted. Data can be anonymized as needed (for example, for statistics on conference attendance).
Communications
Email addresses are considered private data. Outside of core organizers, emails sent to groups (attendees, volunteers, scholarship recipients, etc.) should use BCC so that recipients' email addresses are not exposed to each other.