ChoralWiki talk:Privacy policy

From ChoralWiki
Revision as of 20:47, 5 September 2008 by Vaarky (talk | contribs) (reply to Jkelecom/joachim →‎to have or not to have... a privacy policy)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

to have or not to have... a privacy policy

  • Posted by: Vaarky 06:14, 29 August 2008 (PDT)
 Help 

I've spoken with a couple of people about this project. One person suggested we reexamine whether CPDL should have a privacy policy, and what we would be trying to accomplish by it.

My thoughts about this are that we want to inform Internet users, who may not be as aware about what personally-identifiable information about them is captured. However, this goal can be accomplished via a general informational page that talks about wikis or when you visit a web page generally, and does not necessarily have to be done via a Privacy Policy.

A Privacy Policy may create additional legal obligations, so some care should be taken. I am not a lawyer, but I believe that CPDL in its current or foreseeable state is not required to post a privacy policy.

California has an [http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=22001-23000&file=22575-22579 Online Privacy Protection Act] that went into effect July 1 2004. Here is a [http://www.americanbusinessmedia.com/images/abm/pdfs/government/CAprivacy.pdf summary]. I am not a lawyer, but my understanding is that although it requires a Privacy Statement in some cases, I believe the requirement would not apply to CPDL for the following reasons:

  • It is my understanding that CPDL is not "operated for commercial purposes". Section (c): The term "operator" means any person or entity that owns a Web site located on the Internet or an online service that collects and maintains personally identifiable information from a consumer residing in California who uses or visits the Web site or online service if the Web site or online service is operated for commercial purposes. It does not include any third party that operates, hosts, or manages, but does not own, a Web site or online service on the owner's behalf or by processing information on behalf of the owner.
  • Consumers do not purchase or lease anything from CPDL. "The term "consumer" means any individual who seeks or acquires, by purchase or lease, any goods, services, money, or credit for personal, family, or household purposes."

So my thinking is that we should hold off on developing a privacy policy for the present, especially given the Transition committee's discussions and the more urgent priorities such as back-ups. I'll plan to pause this indefinitely but would appreciat hearing other thoughts.


Please don't get me wrong on this one - I welcome and admire your contributions to CPDL. But if you end up repeatedly asserting that CPDL doesn't require a privacy policy, then why would you even bother to start a talk page on the subject? Surely other aspects of cpdl management are in dire need of attention, rather than this one? joachim 08:39, 29 August 2008 (PDT)


Reply by: Vaarky 18:03, 4 September 2008 (PDT)

 Help 

A fair point, and I appreciate the feedback. I probably should have provided more context (below in case it helps).

I am interested in privacy. Initially I asked why CPDL doesn't have a privacy policy page. I said I'd like to see CPDL have one (and thought a California law might require one). So I volunteered to draft it. I was encouraged to post here while drafting.

In researching it, I checked the law and consulted people who write privacy statements. I posted here to let people know my findings, and that I'm now advocating that CPDL not pursue posting a privacy policy at this time.

This seems like the logical place to share my findings on this subject: closely tied to the subject and the most likely place someone wondering about CPDL's lack of a privacy policy would look, or someone interested in the subject and inclined to provide feedback. I'm open to suggestions about other places this should live instead. Or do you think it should just be deleted instead?


My thoughts on privacy policies are pretty much the same as those on copyright: if you put it outthere, there isn't much point in complaining afterwards. Much as I agree that people are entitled to compensation, not to mention recognition for their efforts, I'm also aware of the fact that that simply doesn't happen. Look at any score page on CPDL: thousands of hits for the most popular one, yet how many users have even bothered to inform the editor/composer of them using a score? Or to mention him/her in their program handouts? Not very polite, to be sure, but unfortunately very real.
The same goes for privacy: no matter how hard you try, any half-decent hacker can do a lot of harm with even a fake email address if he really wants to. So if one really cares passionately about either one's copyright or privacy, I think one should resort to traditional publications, which can be traced and tracked, rather than this very insecure medium.
Don't get me wrong - I'm not trying to downplay the importance of copyright/privacy, though the outrageous application of it by so many music publishers is probably the reason why sites such as these exist. But I think the amount of text, time and webspace devoted to it is naive at best - although that might just be because I'm luckily not part of the over-legislativised (it that is even a word) Anglo-Saxon community. joachim 01:55, 5 September 2008 (PDT)

Reply by: Vaarky 13:47, 5 September 2008 (PDT)

 Help 

Thanks for the reply. I agree that the battle is largely lost when a breach occurs, and that care should be taken before supplying information in the first place. Whatever protections or sharing disclosures are stated in a privacy policy are not much use after the fact.

You're probably sophisticated enough that the ways in which consumers bleed information online is obvious to you, but I've come in contact with a lot of consumers who make all sorts of inaccurate assumptions and would benefit from privacy information. It doesn't have to be in form of a privacy policy, though.