User:SuperHamster/Data Policy

From WikiConference North America
Revision as of 20:12, 7 October 2024 by SuperHamster (Rework comms)
This is a drafting space for a WCNA policy on data handling and privacy. Feel free to contribute.

Data collection

On any interface where users provide answers (registration forms, surveys, scholarship applications, etc.), it must be made clear before they submit whether their answers will be available publicly or restricted to organizers.

Name collection

When requesting names, clearly differentiate between the collection of legal names and preferred names to align with participants’ privacy expectations:

  • Legal names: Collect legal names only when strictly necessary (e.g., for identity verification, security, or regulatory compliance). Access to legal names should be restricted to essential organizers and solely for purposes related to event organization and safety protocols. Legal names must remain confidential.
  • Preferred names: When legal names are not required, allow participants to provide a preferred name (which can be their real name, a username, a pseudonym, etc.).

For each name collected, indicate whether it will remain private (visible only to organizers) or public (visible to a broader audience).

  • Private names: If a collected name is designated as "private," it will be accessible only to authorized organizers and used solely for internal purposes (e.g., participant verification). Legal names will always be considered private.
  • Public names: If a name is collected for use in public materials (such as badges), clearly inform participants that this information will be visible to other attendees and event staff. Participants should have the option to use a preferred name or pseudonym in public-facing contexts.

Data access

We should practice the principle of least privilege. Access to any sort of private data should only be granted to individuals as needed for operational reasons, and only to the specific data they need. As soon as an individual no longer needs access to data for operational reasons (for example, when their role ends or the event concludes), their access should be revoked.

Extra care should be taken so that documents with private data have the most restrictive access settings possible (for example, shared with named individuals rather than through an open link). Physical documents (e.g. a physical check-in list) should always be kept under organizer control and not be visible to the public (e.g. kept in a folder when not being directly interacted with).

Data retention

Private data should only be retained for as long as it is needed for operational reasons. When data is no longer needed, it should be permanently deleted, including any copies, exports, and backups that organizers hold. Data can be anonymized as needed where an aggregate is sufficient (for example, for statistics of conference attendance), and only the anonymized version retained.

Communications

Emails

Email addresses are considered private data, and access to attendee email addresses should be limited to organizers who require them for essential operational purposes. To minimize direct access to emails, the use of tools like mailing lists is encouraged, enabling efficient communication while reducing the number of organizers who have direct access to attendee email addresses.

When communicating with event participants (such as attendees, volunteers, and scholarship recipients), all emails should be sent in a manner that conceals individual addresses from the other recipients. This can be achieved by using solutions like mailing lists or by placing recipients in the BCC field, rather than in the To or CC field. Before sending, double-check that no participant address has ended up in To or CC.

Several common online document sharing tools (such as Google Drive) allow you to share an item with a list of email addresses, but then let every recipient see the names and email addresses of everyone else the item has been shared with. Take this into consideration when deciding how to share a document: check who can see the sharing list before sending it out, and where the recipients should not learn of each other, share through a group or a mailing list address, or share a separate copy with each recipient.