Draft Privacy Policy for NYCGA, CIVICRM

Posted by & filed under .

Tech Ops is drafting a privacy policy to help us manage digital properties.

Precendents:

A number of privacy policies exist we might look at for inspiration.

http://www.nysenate.gov/policies-and-waivers

Guidelines for Tech Ops Admins

We need to define what is possible to look at, but should not be looked at onĀ  the back end.

We need to define what is technically possible to post, share widely, or share internally that should not be posted, shared widely or internally.

We need to define what sanctions might be imposed on any violator of these policies, and who is empowered to impose them.

We need to distinguish between policies aimed at different roles: anyone who registers on NYCGA, anyone granted a permission level that is above the default minimum, and anyone with a super admin role.

We need to articulate who is a superadmin, how one becomes one, and the circumstances for decreasing superadmin privileges.

 

Non privacy issues to be addressed (probably to be moved to another doc)

These circumstances/problems need to have policies that offer mandatory/probable/possible next steps.

Threatening, abusive, defamatory, -ist, and off-topic language.

Communications that in and of themselves don’t violate any other policy, but which in the aggregate represent a mis-use of our digital properties for goals that are not inline with NYCGA principles.

Well meaning but misguided users who violate policies for ‘forgivable’ reasons.

Implementing decisions to ban, exclude, remove, limit or restrict users because of in person behavior, or online behavior in online space not owned/controlled by Tech-Ops/NYCGA.

Addressing such decisions when they come from others: operations working groups, non operations working groups, nycga, spokes, individuals, tech ops committee, and empowered individuals (such as admins). Who has/does not have authority?

If a legal entity seeks to address us formally (say, an attorney threatening to sue) who should that be addressed to? Who is the default responsible person? What legal steps need to be done to protect an individual?

If an urgent response is required for any matter covered in this policy – who makes the decision to move forward in the absence of a tech ops meeting? Are there minimal ad-hoc consultations that MUST take place?

Should any of these policies apply to websites, discussion lists, social media channels or any other digital property run by an OWS entity (such as a working group)? Do working group digital properties ‘belong’ to NYCGA or not?

Comments are closed.