Re: GDPR - we think we're ready, let me know of any issues
David A. Wheeler
I just realized that I should also add a weird special case: Temporarily-retained backups of logs or databases, which can make our theoretical maximum retention time 18 months (1.5 years). Here’s the issue. We don’t normally do this, but it’s *possible* to make backup copies of logs, and we occasionally make copies of databases. In all cases, the purpose is to detect defects and/or attacks – we don’t analyze individual user behavior (unless you consider “attacking our site” a valid user behavior). We don’t retain this information for more than 6 months beyond its normal expiration (and that’d be an unusual case). Of course, errors can happen, but that’s what we are actively trying to do. So in an *outside* case, deleted private data can stick around internally for 18 months. It’s not likely, but it’s *possible*.
The BadgeApp front page does have hypertext links to well-known social media sites (including Twitter, Reddit, and Facebook). However, these links are carefully designed so that viewing the BadgeApp front page does not notify the external sites that the user is viewing the BadgeApp front page, and the BadgeApp never shares personal data with those other sites. Users must expressly click on those links to go to those other sites, and even in those cases we simply transfer generic information about the badging site; we do not provide any personal information about the user to those external sites.
I think we meet the other requirements too. We don’t store a lot of private information about users, and it isn’t THAT sensitive - their email address is the most sensitive we get (which is not in the “most sensitive” category). Users can see what we store, and can delete that information, whenever they want to.
Again, I’m not a lawyer, but I *think* we’re okay. Of course, if someone sees a problem, PLEASE let us know. We *want* to give everyone privacy.
--- David A. Wheeler
From: Georg Link [mailto:linkgeorg@...]
Sent: Monday, May 14, 2018 6:44 PM
To: Wheeler, David A
Subject: Re: [CII-badges] GDPR - we think we're ready, let me know of any issues
Sounds reasonable, thanks David.
On Mon, May 14, 2018 at 5:24 PM, Wheeler, David A <dwheeler@...> wrote:
The log of activity records requests to the system and related activity. Logs are rotated daily and log data is archived for 1 year. After that, it’s gone.
Some bugs are intermittent, and some attackers use “low and slow” kinds of attacks. Thus, we need to log things for a period of time to deal with those cases. A year seems like a reasonable period of time.
Does that help?
--- David A. Wheeler
Sent: Monday, May 14, 2018 5:55 PM
On Mon, May 14, 2018, 15:14 Wheeler, David A <dwheeler@...> wrote: