[Foundation-l] Data retention

Sue Gardner sgardner at wikimedia.org
Wed Sep 17 03:02:11 UTC 2008


Thomas Dalton wrote:
> 2008/9/16 Anthony <wikimail at inbox.org>:
>   
>> On Mon, Sep 15, 2008 at 4:33 PM, Thomas Dalton <thomas.dalton at gmail.com> wrote:
>>
>>     
>>> 2008/9/15 mboverload <mboverloadlister at gmail.com>:
>>>       
>>>> Maybe legally, but it would be much better if they actually told us
>>>> what they are doing.
>>>>         
>>> Maybe, but not in the privacy policy.
>>>
>>>       
>> Why not?  What's the point of having a privacy policy if you're going to
>> make it a long-winded version of "we can do anything we want to do"?
>>     
>
> It doesn't say that at all. The privacy policy is designed to be the
> absolute minimum that the foundation commits to doing. In most cases,
> the foundation actually goes a little further than that. There is no
> harm in publishing that actual practice, but the foundation shouldn't
> be committing to continuing that practice - it chose what to commit to
> very carefully when writing the policy and with good reason,
> restricting itself further would make things harder without
> significant gain.
>
> Let me give an example with made up numbers. If the policy says "We
> will not keep logs longer than 2 months", however actual practice is
> to only keep them one month, then that's fine, we're following policy.
> If someone then makes a mistake and forgets to delete the logs before they
> go home on Friday night and deletes them when they get back in on
> Monday when they're a month and a day old, there is no problem,
> because we're still within policy. If we'd changed policy to describe
> what usually happened, we'd now have violated the policy. It's always
> good to make actual practice a little stricter than policy in order to
> absorb mistakes - that doesn't work if you then change the policy to
> describe the practice.

Precisely, Thomas, thanks. I was just coming here to write something to 
this effect, but you beat me to it :-)

Basically, policy contains our high-level minimum commitment: what we 
want to do, intend to do, and can & will commit to continuing doing. 
It's the minimum that users can expect from us.

And as Domas points out (and Tim proves with his Aaron example, 
upthread), you don't want to commit at the policy level to things that 
may change, particularly if the change can take place with no warning or 
intent.


