DRAFT 95/11/21 --- Privacy --- Privacy is a big issue with everyone, especially on the Internet, the land of No Privacy (unless you use Pretty Good Privacy, that is :). I feel the main issues which need to be addressed are the issues of privacy with respect to email, private files, and usage data. The following policy fragment is intended to address these. Also thrown in is a written agreement (which of course it not written) which should simply go into a bit more detail about what reasons ARE acceptable for a staff member / superuser / office volunteer to look into users' private files or email boxes. I think we should keep this sort of detail out of policy and into the processes which require them, like hiring/contracting and granting extra or superuser access. I will volunteer if required to draft such an agreement. And the other important element in this sort of policy, in my opinion, is naming the authority of those specific entities which are entitled to approve exceptions, and where folks can find out the details of the Privacy Agreement signed by those with special access. Here's the bit'o'policy: "NCF gathers statistics about who uses NCF services and how. NCF will not distribute statistical reports that can be traced to individual members. NCF staff and volunteers who work with statistical data must respect members' privacy. NCF staff and volunteers who are given root access (access to all files on the NCF systems) or other special access must sign a written agreement to respect the privacy of members, among other things. A copy of this agreement is available by contacting the NCF office. In all cases, they must not divulge personal information, except as ordered by the Executive Director, the Executive Committee, or the Board of Directors as a whole. In all other instances, no NCF member or staff shall violate the privacy of any other member, except as requested by the Executive Director, the Executive Committee, the Board of Directors as a whole, or court order."