On Fri, Aug 15, 2025 at 6:43 AM Daniel Gruno <humbed...@apache.org> wrote:
> On 8/15/25 13:30, Jarek Potiuk wrote: > > The email one though is connected with keeping PII though ? (Personally > > Identifiable Information) - so I guess that one would require at least > some > > discussion with the privacy team ? > > I think, as a baseline, we should be working with multiple teams prior > to any survey being published: > > - privacy team for data privacy sanity checks > Yes. The privacy team was involved in the conversation for past surveys [1]. [1] https://cwiki.apache.org/confluence/display/EDI/Survey+-+Launch+Plan > - M&P for messaging and promotion if/when needed > The Marketing team helped with the messaging and getting the word out. Involving marketing early is good because they can also help communicate the findings [2]. [2] https://news.apache.org/foundation/entry/the-state-of-diversity-and-inclusion-in-the-asf-community-a-pulse-check - Projects that have a significant interest in whatever survey is being > assembled. > Good idea. Having projects involved that want to use the results increases the chance that the survey will be useful to them. > It might make sense for us to have a privacy policy specifically for our > surveys in general, which we can then refer to at the beginning of the > survey - preferably before any data is entered. This policy could also > be a guideline for us on how to handle the data. For instance, we could > -- or rather, I think we should/must -- delete or otherwise obfuscate > any PII in surveys no later than 60 days after the survey has been > closed for submissions. > > Let me know what people are thinking with regards to that, and I can > start putting together a privacy policy document for us in our wiki. > For the survey privacy policy, maybe we can again use the ASF Privacy Policy [3]. Since we are looking at using a different tool, maybe re-do the GDPR checklist [1]. [1] https://cwiki.apache.org/confluence/display/EDI/Survey+-+Launch+Plan [3] https://privacy.apache.org/policies/privacy-policy-public.html
