Information Security

U.S.G.L. policy makes a strong guarantee of member privacy. Privacy is very fragile; a single breach destroys it forever. As such, we must be extraordinarily careful to guard the privacy of our members.

Therefore, U.S.G.L. policy forbids the storage of identifying information (name, address, phone number, or similar) for any member on any device providing an Internet service. This wording treads an extremely narrow line. Obviously, local body officers will need to process member information on personal computers which are connected to the net, and which therefore are in theory subject to compromise. However, such a computer, if properly safeguarded (with e.g. firewall and antivirus software) is unlikely to be broken into with the purpose of obtaining member data; any compromise is far more likely to be a generic “zombie” takeover for purposes unrelated to the particular data on the machine.

On the other hand, a local body website server is an obvious target for a purposeful attempt to obtain confidential data. The service is highly visible on the net, and cannot be as heavily guarded as a personal computer since it must accept random connections from the net at large.

It is acceptable to place member data on such a server if it does not include personal identifying information. For example, use of a membership ID number to key into other information would be within policy so long as the mapping from ID numbers to names was not stored on the server.

All transmission of confidential information must use a secure channel. Typically this involves either sending the information in a PGP-encrypted email or separately encrypting the information before attaching it to an email. Be careful how and where you store such information after receiving and decrypting it.

In all cases, a member may voluntarily agree to have any of his or her personal data stored or transmitted in any form. Information entered into a web form (or similar web input technology) is taken a implicit permission to store the data provided. However, no system or process which grants access to member privileges (e.g., attendance at an official event or application for an initiation) may require such storage or transmission. There must always be an alternate "offline" path available.

For example, NOTOCON registration is offered online through a website, but one may also register by postal mail, and instructions on how to do so are provided on the website. Similarly, local body annual report form data includes the names of local body officers; such reports may be emailed "in the clear" if all those named expliciltly consent, but must use a confidential channel as described above otherwise.

In any case of ambiguity, or if a security breach is identified or suspected, please contact the U.S.G.L Internet Secretary for assistance.

Comments