Difference between revisions of "Talk:SPG:Drafts:Data Privacy EGI CheckIn"

From EGIWiki
Jump to: navigation, search
Line 1: Line 1:
Hi Dave, all,
+
= Comments and discussion =
 
+
== Comments from Hannah Short (8 Nov 2016) ==
** Comments from Hannah Short **
 
  
 
Minor points since this looks very thorough:
 
Minor points since this looks very thorough:
  
 
*It is potentially confusing to have two nested policies. There are references to "The Policy", "This policy", "this Policy" and it's not obvious to which one they are referring. It might be clearer to insert the word Privacy or Data Processing before each use of the word Policy  
 
*It is potentially confusing to have two nested policies. There are references to "The Policy", "This policy", "this Policy" and it's not obvious to which one they are referring. It might be clearer to insert the word Privacy or Data Processing before each use of the word Policy  
 +
 +
'''Answer from DaveK: Agreed. Still to be done.'''
 +
 
*"Stored where?" I worry this is opening a can of worms since we do not specify the actual location and readers will want to see a physical country listed. As far as I can see, this isn't a requirement of the Policy on the Processing of Personal Data
 
*"Stored where?" I worry this is opening a can of worms since we do not specify the actual location and readers will want to see a physical country listed. As far as I can see, this isn't a requirement of the Policy on the Processing of Personal Data
 +
 +
Answer from DaveK: Agreed. Potentially a BIG can of worms! In the past with the old User-level Job Accounting Policy we did require the data to be held within the EU (or country with similar data protection). In general this does not work for e-Infrastructures like WLCG where we do need to store and process outside of the EU, so our plan was that the fact that all members of the e-Infrastructure are bound by the single set of policy documents should be sufficient.

Revision as of 09:18, 15 November 2016

Comments and discussion

Comments from Hannah Short (8 Nov 2016)

Minor points since this looks very thorough:

  • It is potentially confusing to have two nested policies. There are references to "The Policy", "This policy", "this Policy" and it's not obvious to which one they are referring. It might be clearer to insert the word Privacy or Data Processing before each use of the word Policy

Answer from DaveK: Agreed. Still to be done.

  • "Stored where?" I worry this is opening a can of worms since we do not specify the actual location and readers will want to see a physical country listed. As far as I can see, this isn't a requirement of the Policy on the Processing of Personal Data

Answer from DaveK: Agreed. Potentially a BIG can of worms! In the past with the old User-level Job Accounting Policy we did require the data to be held within the EU (or country with similar data protection). In general this does not work for e-Infrastructures like WLCG where we do need to store and process outside of the EU, so our plan was that the fact that all members of the e-Infrastructure are bound by the single set of policy documents should be sufficient.