smolt privacy policy

[Luis Villa]

On 2/19/07, Rahul Sundaram <sundaram at fedoraproject.org> wrote:
> Mike McGrath wrote:
> > I've created a first draft of the smolt Privacy Policy.  Please note: It
> > is not a legal document, it's the Infrastructures policy of how we'll be
> > protecting the information.
>
> Instead of having privacy policies per program, it would probably be
> better to vet the project wide policy drafted at
> http://fedoraproject.org/wiki/Legal/PrivacyPolicy through the legal
> team. It has been sitting there for a while now.

I get the sense that you're talking about a privacy policy, Rahul, and
maybe Mike is talking more about a privacy architecture or privacy
strategy? Just from reading the two documents, it seems they have some
overlapping text and goals but are mostly operating at two different
levels.

Mike, would it make sense to retitle your doc as a privacy strategy or
privacy implementation doc, whose goal is to explain how smolt will
implement the project privacy policy Rahul pointed at? Calling it a
privacy policy seems a little confusing, esp. if there is already a
project privacy policy. Making this distinction might also (1) reduce
the need for lawyers, who can hopefully focus on validating the
requirements in the policy doc, rather than validating the
implementation details in smolt (2) help provide a practical test for
the overall privacy policy- if there are goals you're setting in the
smolt doc, or questions the smolt doc raises, which aren't in the
overall policy, this might be a good way to shake those out and get
them into the bigger/broader doc.

Just a thought-
Luis