Daniel Pocock daniel@pocock.pro wrote:
- when you join an organization such as FSFE and you provide personal
data such as your name and email address, do you expect that office holders and elected representatives would have some access to this data in performing their roles?
Yes, some access.
- do you feel it is reasonable for people who are in a position of
trust to have some discretion in how they use the data as long as they do so in the best interests of the organization, it's mission and it's members? Or do you believe the organization should strive to obfuscate the data so that even office holders can't read it and put systems in place so communications are sent out to members through an opaque process?
The organisation should log all access to the data and limit use privileges. For example, the representatives should be able to use it somehow, such as sending emails out to the email addresses, but they should not be able to download it in bulk to a memory stick and leave it in a pub car park[1]. 1: http://news.bbc.co.uk/1/hi/uk/7704611.stm
- what are the practices you have seen in other community
organizations in the free software space and can we learn anything from them in developing best practice?
Most of the examples I have seen have been horrible in one of two ways, which can be caricatured as US-centric organsations don't seem to care for anyone's privacy and publish far too much, while EU-centric organisations seem to tightly control data access even where that harms officer communications. There must be a middle line, mustn't there?
Hope that informs,