Re: [DebConf18] Privacy and governmental funds

On Sun, May 13, 2018 at 12:11:52PM +0530, shirish शिरीष wrote:
> at bottom :-
>
> On 12/05/2018, ChangZhuo Chen (陳昌倬) wrote:
> I would suggest having an example web-page somewhere as and when possible
> before the official reconfirmation message goes out (whenever that happens) so
> we know how much information would be leaked.

Good idea.

> As far as e-mail address and mobile number masking is concerned, just the
> first four number themselves give lot of info.
>
> For instance see India's mobile telephone numbering system.
>
> https://en.wikipedia.org/wiki/Mobile_telephone_numbering_in_India
>
> Just the first four numbers themselves tells anybody both my operator and the
> region from where I belong. I dunno about other countries but probably each
> may have a different numbering system, how do we ensure that people who might
> be ok with partially masked numbers do not give more than intended ?
>
> for email addresses, the same thing how would those be partially masked ?

I think in this case, we can just let user to mask these information.
For example, I can provide the following information to DebConf for fund:

* phone: +88690016
* email: c***e...@debian.org

In this case, I can ensure the information I gave does not breach the privacy.

--
ChangZhuo Chen (陳昌倬) czchen@{czchen,debconf,debian}.org
http://czchen.info/
Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
Re: [DebConf18] Privacy and governmental funds

at bottom :-

On 12/05/2018, ChangZhuo Chen (陳昌倬) wrote:
> On Fri, May 11, 2018 at 12:30:39AM +0800, Yao Wei wrote:
>> However, we do care about the privacy of attendees, and would like to
>> take opt-in approach. During the global team meeting this week we
>> discussed to ask attendees on the website if they are willing to give
>> such information to the government and the university for us to gather
>> more funds to cover the expense.
>
> The insurance for day trip [insurance] also require the following
> privacy information:
>
> * Taiwanese: name, personal id, date of birth
> * Foreigner: passport name, passport number, date of birth.
>
> But this one is easy, we can just write a statement about insurance and
> people can opt-in to provide these information for day trip insurance.
>
> [insurance]
> https://salsa.debian.org/debconf-team/public/data/dc18/blob/master/insurance/insurance.md

I would suggest having an example web-page somewhere as and when possible
before the official reconfirmation message goes out (whenever that happens) so
we know how much information would be leaked.

As far as e-mail address and mobile number masking is concerned, just the
first four number themselves give lot of info.

For instance see India's mobile telephone numbering system.

https://en.wikipedia.org/wiki/Mobile_telephone_numbering_in_India

Just the first four numbers themselves tells anybody both my operator and the
region from where I belong. I dunno about other countries but probably each
may have a different numbering system, how do we ensure that people who might
be ok with partially masked numbers do not give more than intended ?

for email addresses, the same thing how would those be partially masked ?

Looking forward to answers.

> --
> ChangZhuo Chen (陳昌倬) czchen@{czchen,debconf,debian}.org
> http://czchen.info/
> Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B

--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Re: [DebConf18] Privacy and governmental funds

On Fri, May 11, 2018 at 12:30:39AM +0800, Yao Wei wrote:
> However, we do care about the privacy of attendees, and would like to
> take opt-in approach. During the global team meeting this week we
> discussed to ask attendees on the website if they are willing to give
> such information to the government and the university for us to gather
> more funds to cover the expense.

The insurance for day trip [insurance] also require the following
privacy information:

* Taiwanese: name, personal id, date of birth
* Foreigner: passport name, passport number, date of birth.

But this one is easy, we can just write a statement about insurance and
people can opt-in to provide these information for day trip insurance.

[insurance]
https://salsa.debian.org/debconf-team/public/data/dc18/blob/master/insurance/insurance.md

--
ChangZhuo Chen (陳昌倬) czchen@{czchen,debconf,debian}.org
http://czchen.info/
Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
Re: [DebConf18] Privacy and governmental funds

We aren't asking their passport number. Also email and phone number can be
masked partially.

Yao Wei

On Fri, May 11, 2018 at 07:11 shirish शिरीष wrote:
> On 11/05/2018, shirish शिरीष wrote:
> > Reply in-line :-
> >
> > On 10/05/2018, Yao Wei wrote:
> >> Hi,
> >>
> >
> > Hi,
> >
> >> (I would like to give a recap of previous email, since that information
> >> is not complete.)
> >>
> >> Some of our funds (MEET TAIWAN, NCTU and probably NCHC) requires us to
> >> give them a list of attendees.
> >>
> >> According to the information from MEET TAIWAN, this includes their
> >> nationality, phone number, email address, company and occupations to
> >> give them the proof that our conference meets their funding requirements
> >> (at least 30 foreign people in a conference) and is close to the number
> >> of expected attendees during application.
> >>
> >> NCTU also needs that list to apply funds to cover their own venue cost.
> >>
> >> However, we do care about the privacy of attendees, and would like to
> >> take opt-in approach. During the global team meeting this week we
> >> discussed to ask attendees on the website if they are willing to give
> >> such information to the government and the university for us to gather
> >> more funds to cover the expense.
> >>
> >> If we agree on this, we have to implement this opt-in page in our
> >> registration system (or confirmation page), also tells attendees what
> >> data we are gathering, and to whom we are giving to.
> >>
> >
> > As a potential attendee, I do see minefields here as there isn't
> > clarity on few topics -
> >
> > a. How are attendees to know if the data shared would be limited to -
> >
> > 1. One government organization - in this case meet taiwan
> > 2. The University - in this case NCTU
> >
> > and is/would be there any privacy agreements between these parties and
> > debconf to make sure that the information shared isn't spread (at the
> > very least). This would make at least some of the attendees sleep better
> > at night if they need/want to share the info.
> >
> > b. Some of the information asked is and would be pretty invasive for
> > e.g. asking people's mobile numbers, passport number, e-mail address
> > etc. till we don't have any clear idea many people would be hesitant as
> > this data could be easily put to nefarious uses e.g. 'identity theft' .
> >
> > See my question asked on a similar topic at
> > https://travel.stackexchange.com/questions/69473/what-damage-can-person-s-do-if-they-have-your-passport-number-and-visa-control-n
> >
> > c. There is also no clarity about how much funds can be expected per
> > person from 'Meet Taiwan' in exchange of this info. and how that works
> > with the budget.
> >
> > d. On the University side, I can understand at least the part of the
> > name and the passport number as I would have to part with that info. if
> > I were staying either at a hotel/hostel or even a guest house for that
> > matter but that's my opinion.
> >
> > e. There were some other governmental organizations which are/were also
> > interested to share some of our expenses, do they similar requirements ?
> >
> >> This is partially influenced by GDPR requirements because we have many
> >> people coming from EU and Taiwan is not protected by the privacy shield.
> >>
> >> Best regards,
> >> Yao Wei
> >>
> >
> > Looking forward for some clarity.
> >
>
> --
> Regards,
> Shirish Agarwal शिरीष अग्रवाल
> My quotes in this email licensed under CC 3.0
> http://creativecommons.org/licenses/by-nc/3.0/
> http://flossexperiences.wordpress.com
> EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Re: [DebConf18] Privacy and governmental funds

On 11/05/2018, shirish शिरीष wrote:
> Reply in-line :-
>
> On 10/05/2018, Yao Wei wrote:
>> Hi,
>>
>
> Hi,
>
>> (I would like to give a recap of previous email, since that information
>> is not complete.)
>>
>> Some of our funds (MEET TAIWAN, NCTU and probably NCHC) requires us to
>> give them a list of attendees.
>>
>> According to the information from MEET TAIWAN, this includes their
>> nationality, phone number, email address, company and occupations to
>> give them the proof that our conference meets their funding requirements
>> (at least 30 foreign people in a conference) and is close to the number
>> of expected attendees during application.
>>
>> NCTU also needs that list to apply funds to cover their own venue cost.
>>
>> However, we do care about the privacy of attendees, and would like to
>> take opt-in approach. During the global team meeting this week we
>> discussed to ask attendees on the website if they are willing to give
>> such information to the government and the university for us to gather
>> more funds to cover the expense.
>>
>> If we agree on this, we have to implement this opt-in page in our
>> registration system (or confirmation page), also tells attendees what
>> data we are gathering, and to whom we are giving to.
>>
>
> As a potential attendee, I do see minefields here as there isn't
> clarity on few topics -
>
> a. How are attendees to know if the data shared would be limited to -
>
> 1. One government organization - in this case meet taiwan
> 2. The University - in this case NCTU
>
> and is/would be there any privacy agreements between these parties and
> debconf to make sure that the information shared isn't spread (at the very
> least). This would make at least some of the attendees sleep better at night
> if they need/want to share the info.
>
> b. Some of the information asked is and would be pretty invasive for
> e.g. asking people's mobile numbers, passport number, e-mail address etc.
> till we don't have any clear idea many people would be hesitant as this data
> could be easily put to nefarious uses e.g. 'identity theft' .
>

See my question asked on a similar topic at
https://travel.stackexchange.com/questions/69473/what-damage-can-person-s-do-if-they-have-your-passport-number-and-visa-control-n

> c. There is also no clarity about how much funds can be expected per person
> from 'Meet Taiwan' in exchange of this info. and how that works with
> the budget.
>
> d. On the University side, I can understand at least the part of the
> name and the passport number as I would have to part with that info. if I were
> staying either at a hotel/hostel or even a guest house for that matter but
> that's my opinion.
>
> e. There were some other governmental organizations which are/were also
> interested to share some of our expenses, do they similar requirements ?
>
>> This is partially influenced by GDPR requirements because we have many
>> people coming from EU and Taiwan is not protected by the privacy shield.
>>
>> Best regards,
>> Yao Wei
>>
>
> Looking forward for some clarity.
>

--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8