[Foundation-l] New draft of privacy policy
Brion Vibber
brion at wikimedia.org
Tue Jun 24 06:13:45 UTC 2008
Anthony wrote:
> On Sat, Jun 21, 2008 at 3:22 PM, Brion Vibber <brion at wikimedia.org> wrote:
>> The data retention policy is, shall we say, super vague. It makes no
>> specific provisions, but iterates our general preference for not keeping
>> lots of private data around for a long time.
>>
> "the least of amount personally identifiable information consistent
> with maintenance of its services, with its privacy policy, or as
> required by state or federal legal provisions under United States of
> America law" is fairly specific. If you can keep less, but still
> fulfill your services, the privacy policy, and the law, then the data
> retention policy states that you should do so.
The key phrase is "consistent with maintenance of its services", which
is very much open-ended.
It does not say anything specific about what we can or can't keep, or
how quickly we should discard data or how long we must keep it, but
simply indicates that we should:
* keep any data as required by law
* keep any data as long as we need it for an actual purpose
* not keep data we don't need for an actual purpose
This is not to say that we will look up everyone's IP and store a giant
table forever listing your address that we looked up on Google Maps with
a picture of your house. :)
The point is simply that the data retention policy (which states our
preference to not retain unnecessary data, as a goal to *drive* our
actual behavior, for the company) is not redundant to the privacy policy
(which lists specific things we do keep, as a *description* of our
actual behavior, for the end-user).
-- brion
More information about the foundation-l
mailing list