1 |
On Wed, Jun 20, 2018 at 7:12 AM Kristian Fiskerstrand <k_f@g.o> wrote: |
2 |
> |
3 |
> On 06/20/2018 12:52 PM, Rich Freeman wrote: |
4 |
> > On Wed, Jun 20, 2018 at 4:32 AM Michał Górny <mgorny@g.o> wrote: |
5 |
> >> |
6 |
> >> Please tell me, how many times did we have to disambiguate two |
7 |
> >> developers using the same name? Even if we ever have to do that, do you |
8 |
> >> really think we'd use one's birthday all over the place? |
9 |
> > |
10 |
> > Even if we've had two people from the same location with the same |
11 |
> > name, WHY would we ever have to use their date of birth to identify |
12 |
> > them? We already have their nicks which is what we use internally, |
13 |
> > and those are always unique. |
14 |
> |
15 |
> One morbid example would be someone getting a stone in the back of their |
16 |
> head, at which point the nick will likely not help much... But the |
17 |
> underlying need is likely to arise more due to other circumstances for |
18 |
> needing to contact, say a retired dev needs to provide evidence in a |
19 |
> copyright case and we need to track them down to get said statement. |
20 |
|
21 |
The "underlying need" is what I'm getting at. Do we REALLY need to |
22 |
track developers post-retirement? If we do, is DOB really the best |
23 |
way to do this? |
24 |
|
25 |
And what are we going to do when some retired developer asks us to |
26 |
forget about them? I don't think legally we need to go retract |
27 |
published info, but that DOB seems very much the sort of thing that |
28 |
would be risky to hold on to if somebody explicitly told us they don't |
29 |
want us to retain it. We'd probably need justification to do so. |
30 |
|
31 |
> > |
32 |
> > As far as I'm aware, under most privacy laws and policies I've seen, |
33 |
> > name+DOB is just as sensitive as a government ID number. If |
34 |
> > collecting the latter makes you recoil in horror, then you should be |
35 |
> > just as concerned about DOB collection. |
36 |
> |
37 |
> I'm not, but views of truestees might differ on that; we have reasons to |
38 |
> collect it, it is part of recruiting process known to developer, so the |
39 |
> legal matter wouldn't be on the collecting part but the storage part, |
40 |
> and here they differ quite a lot in practice (although it shouldn't as |
41 |
> even SSN is just a Primary Key in theory). |
42 |
|
43 |
WP has what appears to be a decent article, and it lists DOB as |
44 |
explictly personally-identifying: |
45 |
https://en.wikipedia.org/wiki/Personally_identifiable_information |
46 |
|
47 |
The US law explicitly lists DOB (cited there): |
48 |
Information which can be used to distinguish or trace an individual's |
49 |
identity, such as their name, social security number, biometric |
50 |
records, etc. alone, or when combined with other personal or |
51 |
identifying information which is linked or linkable to a specific |
52 |
individual, such as date and place of birth, mother’s maiden name, |
53 |
etc. |
54 |
|
55 |
It goes on to cite the EU: |
56 |
Article 2a: 'personal data' shall mean any information relating to an |
57 |
identified or identifiable natural person ('data subject'); an |
58 |
identifiable person is one who can be identified, directly or |
59 |
indirectly, in particular by reference to an identification number or |
60 |
to one or more factors specific to his physical, physiological, |
61 |
mental, economic, cultural or social identity; |
62 |
|
63 |
You brought up the scenario of tracking somebody down in the real |
64 |
world. It seems to me that if we actually collect enough info to be |
65 |
able to do this, then by definition we fall directly in the crosshairs |
66 |
of both. |
67 |
|
68 |
I'd start with the underlying issue: do we need to identify specific |
69 |
individuals and retain this identity? What exactly do we need |
70 |
(starting from zero), and what is the least amount of info we need to |
71 |
collect to get there? |
72 |
|
73 |
My understanding is that these are the basic principles of most modern |
74 |
privacy law, and if we stick to those we'll probably be fairly safe as |
75 |
these laws change (assuming we sufficiently protect the info we do |
76 |
need to collect). |
77 |
|
78 |
The principles cited in that article actually raise other thorny |
79 |
issues as well, such as name+location if the name is unique enough. I |
80 |
couldn't begin to tell you whether half of Oslo are named |
81 |
Fiskerstrand, or if you're the only one in the phone book. |
82 |
|
83 |
-- |
84 |
Rich |