[LINK] Fwd: The handling of personal information

Tom Cleary tom.cleary at gmail.com
Tue Jul 26 23:10:21 AEST 2011


Ooops, forgot to hit "reply all".

tom.

---------- Forwarded message ----------
From: Tom Cleary <tom.cleary at gmail.com>
Date: Tue, Jul 26, 2011 at 9:07 PM
Subject: Re: [LINK] The handling of personal information
To: Dr Bob Jansen <bob.jansen at turtlelane.com.au>


Bob,

Can I suggest that we avoid explicit mention of particular Technical
measures, please?

The reason for doing so is that I feel trust (which is what we're
describing here, in essence) is personal and so should not be couched in
terms that might be considered "disenfranchising" to those who can't speak
the language.

I agree that the 70 page, nit-picking contract replete with legal jargon
(e.g. Insurance Company blurb) is alienating, but replacing "legalese" with
"techspeak" doesn't really work for me.

I'd suggest that statements which refer to the governance assurance people
should be able to expect would provide more reassurance, especially when the
shelf life of the average technology is about the same as a prawn sandwich.

Avoiding the need to continually rewrite the thing would be better for the
karma of the person maintaining it, in my view.

How about something like "We will protect your information against improper
disclosure through measures that prevent identity theft and other common
technical and procedural risks. These actions will be diligently operated
and in the unlikely event of a breach, we will restore any harm suffered
without hesitation, subject to legal constraints."

Something like that kind of captures the essence of the legal black hole, in
English, whilst providing assurance of technical protection without getting
stuck in lists of threats or exclusions.

The corporation making that kind of commitment is likely to be the kind of
company that won't split hairs over the "asterisks".

If I ever find a company which offers that kind of uncluttered statement, I
might even begin to use Cloud based services....   ;-)

Hope this helps.

Regards,

tom.

On Tue, Jul 26, 2011 at 5:21 PM, Dr Bob Jansen <bob.jansen at turtlelane.com.au> wrote:

> I have been asked to draft a small discussion paper on how an
> organisation should go about handling personal individual's data. The
> issue is what words to put into a consent form that provide enough
> information to the person to sign the form that the organisation takes
> the security of their information very seriously without a 70 page
> diatribe of technical mumbo jumbo. Currently, the statement reads, 'Your
> information will remain confidential' but goes no further and I argue
> that this does not fill any reasonable person with confidence that the
> organisation knows what they are talking about. It provides no more than
> a wish that they would like to do so (or maybe could do so). I argue
> that it needs more indication of what is actually in place, i.e., all
> information stored digitally will be encrypted, all communication of
> your information will be in an encrypted form (maybe even stating the
> algorithm to be used), etc.
>
> All advice, guidance, etc welcome and I will post the final copy of my
> paper to the list for community information.
>
> bobj
>
> --
> --------------------------------
> Dr Bob Jansen
> Turtle Lane Studios Pty Ltd
> PO Box 26, Erskineville NSW 2043, Australia
> Ph: +61-414 297 448
> Resume: http://au.linkedin.com/in/bobjan
> Skype: bobjtls
> http://www.turtlelane.com.au
>
> In line with the Australian anti-spam legislation, if you wish to receive
> no further email from me, please send me an email with the subject "No Spam"
>


