|
Grex > Coop > #300: Discussion of staff viewing user data. | |
|
| Author |
Message |
cross
|
|
Discussion of staff viewing user data.
| 
Dec 10 23:28 UTC 2010 |
This item is for discussion about protocol for Grex staff looking at user's
data, specifically data that is protected from viewing by normal users. What
are the circumstances under which staff should look at things? Sometimes it's
legitimate; ie, if the user asks you to look at something, possibly even edit
one of his or her files (say, a shell startup file, if the user is having
problems with it). On the other hand, reading someone's personal email is
clearly not all right under all but the most extreme circumstances (e.g.,
under court order or something like that).
The policy right now is vague; what should it be?
|
| 18 responses total. |
tsty
|
|
response 1 of 18:
|
Dec 11 07:07 UTC 2010 |
http://grex.org/staffnote/sun/privacy.xhtml
|
tsty
|
|
response 2 of 18:
|
Dec 11 07:09 UTC 2010 |
form above:
"When staff does have to look at private information, the basic
principle is to look as narrowly as possible."
which for valisdation p;urposes, and as cross noted HUNDREDS of times, i do.
|
cross
|
|
response 3 of 18:
|
Dec 11 13:31 UTC 2010 |
I don't think we should be doing that. Nor should we be reading any other
type of file --- even if it's world readable --- without good reason.
|
kentn
|
|
response 4 of 18:
|
Dec 11 16:02 UTC 2010 |
The way to do this without having any questions about privacy, is to
get permission from the user first. I think it would be better to do
this than to assume reading private files is necessary. If our current
process does not give contact information, that would be the place to
start, rather than assuming there is no other way to do things or trying
to justify such.
|
jgelinas
|
|
response 5 of 18:
|
Dec 11 19:49 UTC 2010 |
"You can read other people's files. Don't."
|