<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">John,<div><br></div><div>The policy itself looks good. Making it public is a good first step.</div><div><br></div><div>It states that the OIDF regularly reviews it's compliance with our privacy policy.</div><div><br></div><div>I think posting member PII to the public website is not in keeping with the policy.</div><div><br></div><div>We should review the IPR process and any other process people have concerns about in accordance with the policy.</div><div><br></div><div>I know it is not as exciting as arguing about nonces in GET.</div><div><br></div><div>Is this part of the Legal WG's remit?</div><div><br></div><div>Asking the membership and potential members if they have any concerns may also be a useful thing to catch other issues.</div><div><br></div><div>Thanks </div><div>John B.</div><div><br></div><div><br><div><div>On 2010-01-27, at 9:51 PM, John Ehrig wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><o:smarttagtype namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="country-region">
<o:smarttagtype namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place">
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="EN-US" link="blue" vlink="blue" style="word-wrap: break-word;-webkit-nbsp-mode: space;
-webkit-line-break: after-white-space">
<div class="Section1"><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy">Actually, we already do have an approved
and actively in use OIDF privacy policy (see the attached). A couple of
issues:<o:p></o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy">1) It is buried in the membership portal
and only viewable when you first sign up as a new member (which is why it took
me so long to track it down) <o:p></o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy">2) It seems to be written specifically as a
member privacy policy (which may not really be an issue if we are ok with it as
is for that purpose)<o:p></o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy"><o:p> </o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy">I can immediately fix issue #1 by posting
it in an easy to find/view page. <o:p></o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy"><o:p> </o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy">Longer term, we can use this existing policy
as a stating point if we want to improve or broaden it within the legal or
privacy committee. <o:p></o:p></span></font></p><p class="MsoNormal"><font size="2" color="navy" face="Arial"><span style="font-size:
10.0pt;font-family:Arial;color:navy"><o:p> </o:p></span></font></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center" tabindex="-1">
</span></font></div><p class="MsoNormal"><b><font size="2" face="Tahoma"><span style="font-size:10.0pt;
font-family:Tahoma;font-weight:bold">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:Tahoma">
<a href="mailto:openid-board-bounces@lists.openid.net">openid-board-bounces@lists.openid.net</a>
[mailto:openid-board-bounces@lists.openid.net] <b><span style="font-weight:
bold">On Behalf Of </span></b>John Bradley<br>
<b><span style="font-weight:bold">Sent:</span></b> Wednesday, January 27, 2010
10:00 AM<br>
<b><span style="font-weight:bold">To:</span></b> <a href="mailto:openid-board@lists.openid.net">openid-board@lists.openid.net</a><br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [OpenID board] OIDF
Privacy Policy</span></font><o:p></o:p></p>
</div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">I think that it would be fine to post redacted versions.<o:p></o:p></span></font></p>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">I suspect that a page with the companies and individuals who have
signed up for WG is probably more useful than the scanned agreements
themselves.<o:p></o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">I made a IPR declaration three years ago when the OIDF was formed and
the PAPE WG started. I don't recall anyone telling me it was going to be
scanned and posted.<o:p></o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">I like most people haven't thought about it in a while because there
haven't been new WG.<o:p></o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">If we are going to publish information that people give us we need to
make that clear at the time of collection.<o:p></o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">We may be violating privacy laws outside the <st1:country-region w:st="on"><st1:place w:st="on">US</st1:place></st1:country-region>. I would prefer to make
sure it is not an issue for the membership.<o:p></o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">John B.<o:p></o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
</div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><o:p> </o:p></span></font></p>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">On 2010-01-27, at 2:47 PM, Mike Jones wrote:<o:p></o:p></span></font></p>
</div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"><br>
<br>
<o:p></o:p></span></font></p>
<span style="orphans: 2;widows: 2;-webkit-border-horizontal-spacing: 0px;
-webkit-border-vertical-spacing: 0px;-webkit-text-decorations-in-effect: none;
-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:
0px">
<div link="blue" vlink="purple">
<div>
<div><p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:Calibri;color:#1F497D">It would be fine to
post digital images with the signatures and address information redacted
– possibly by overlaying them with “Information on file with
OIDF” or something of that sort. (Sort of how elevators often
contain messages about the elevator license being on file at such-and-such
place.)<u1:p></u1:p></span></font><o:p></o:p></p>
</div>
<div><p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:Calibri;color:#1F497D"><u1:p> </u1:p></span></font><o:p></o:p></p>
</div>
<div><p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:Calibri;color:#1F497D">
-- Mike<u1:p></u1:p></span></font><o:p></o:p></p>
</div>
<div><p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:Calibri;color:#1F497D"><u1:p> </u1:p></span></font><o:p></o:p></p>
</div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;
border-width:initial;border-color:initial">
<div><p class="MsoNormal"><b><font size="2" face="Tahoma"><span style="font-size:10.0pt;
font-family:Tahoma;font-weight:bold">From:</span></font></b><span class="apple-converted-space"><font size="2" face="Tahoma"><span style="font-size:
10.0pt;font-family:Tahoma"> </span></font></span><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:Tahoma"><a href="mailto:openid-board-bounces@lists.openid.net">openid-board-bounces@lists.openid.net</a><span class="apple-converted-space"> </span>[mailto:openid-board-bounces@lists.openid.net]<span class="apple-converted-space"> </span><b><span style="font-weight:bold">On
Behalf Of<span class="apple-converted-space"> </span></span></b>David
Recordon<br>
<b><span style="font-weight:bold">Sent:</span></b><span class="apple-converted-space"> </span>Wednesday, January 27, 2010 9:40 AM<br>
<b><span style="font-weight:bold">To:</span></b><span class="apple-converted-space"> </span><a href="mailto:openid-board@lists.openid.net">openid-board@lists.openid.net</a><br>
<b><span style="font-weight:bold">Subject:</span></b><span class="apple-converted-space"> </span>Re: [OpenID board] OIDF Privacy Policy<u1:p></u1:p></span></font><o:p></o:p></p>
</div>
</div>
<div><u1:p><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</u1:p></div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">Hey John,<o:p></o:p></span></font></p>
<u1:p></u1:p></div>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">I'm happy to have us reconsider the policy.<o:p></o:p></span></font></p>
<u1:p></u1:p></div>
</div>
<div><u1:p>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</div>
</u1:p></div>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">The idea is to make it incredibly transparent around who has
signed what (when it comes to IP). So far you're the first person in
three years to say anything about it.<o:p></o:p></span></font></p>
<u1:p></u1:p></div>
</div>
<div><u1:p>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</div>
</u1:p></div>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">Considering that there can be different versions of documents and some
documents with options, scanning them as PDFs seemed like the easiest and most
accurate method. 99% of the time it's also companies signing the
agreements and using corporate addresses versus personal.<o:p></o:p></span></font></p>
<u1:p></u1:p></div>
</div>
<div><u1:p>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</div>
</u1:p></div>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">If Global Inventures is able to manage these agreements and keep up to
date online records, I'm less worried about each agreement
being available online.<o:p></o:p></span></font></p>
<u1:p></u1:p></div>
</div>
<div><u1:p>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</div>
</u1:p></div>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">That said, they should be made available upon request.<o:p></o:p></span></font></p>
<u1:p></u1:p></div>
</div>
<div><u1:p>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</div>
</u1:p></div>
<div><p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">--David<o:p></o:p></span></font><u1:p></u1:p></p>
<div>
<div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt">On Wed, Jan 27, 2010 at 7:07 AM, John Bradley <<a href="mailto:jbradley@mac.com">jbradley@mac.com</a>> wrote:<o:p></o:p></span></font></p>
<u1:p></u1:p></div><p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">In the process of setting
up the AX 1.1 WG a number of things have come to light.<br>
<br>
One is some confusion around who needs to submit what sort of agreement,
Personal or Company.<br>
Perhaps our new Secretary can have a look at that.<br>
<br>
The more important one is that the OIDF has a practice of positing scanned
documents publicly including peoples signature.<br>
<br>
A number of us don't think publicly posting our address info with a scan of our
signature is such a good idea.<br>
<br>
I think everyone agrees that who has signed contribution agreements and what WG
they apply to should be public.<br>
<br>
However there are ways to do that are less subject to identity theft and other
issues.<br>
<br>
I would like to recommend that one of our committees (perhaps the legal one) or
a sub committee.<br>
<br>
Review and publish the OIDF privacy policy and specifically if practices like
posting members PII publicly are appropriate.<br>
<br>
The board can then consider those recommendations.<br>
<br>
In the interim I would like GlobalInventures to redact my signature from any
and all of the IPR agreements they publish.<br>
<br>
I don't think we can be credible respecting peoples right to privacy on the
internet if we don't do a credible job with our own members.<br>
<br>
There may be other privacy issues I am not currently aware of as well.<br>
<br>
I think being proactive about privacy can only increase participation from the
community in general.<br>
<br>
Regards<br>
John B.<br>
_______________________________________________<br>
board mailing list<br>
<a href="mailto:board@lists.openid.net">board@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-board" target="_blank">http://lists.openid.net/mailman/listinfo/openid-board</a><o:p></o:p></span></font><u1:p></u1:p></p>
</div>
<div><u1:p><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"> <o:p></o:p></span></font></p>
</u1:p></div>
</div>
</div><p class="MsoNormal"><font size="4" face="Helvetica"><span style="font-size:13.5pt;
font-family:Helvetica">_______________________________________________<br>
board mailing list<br>
<a href="mailto:board@lists.openid.net">board@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-board">http://lists.openid.net/mailman/listinfo/openid-board</a><o:p></o:p></span></font></p>
</div>
</span></div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:
12.0pt"></span><o:p> </o:p></font></p>
</div>
</div>
</div>
<span><Privacy Policy.doc></span>_______________________________________________<br>board mailing list<br><a href="mailto:board@lists.openid.net">board@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-board<br></o:smarttagtype></o:smarttagtype></blockquote></div><br></div></body></html>