This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Security and Privacy design #5
Comments
|
Do we want to hold it at all? A lot could be pushed out to a 3rd party to handle (ie; meetup), this could even be left to the organiser to pick which would save having to find a solution that works in all jurisdictions. Also using some form of federated auth (live.com, github, facebook, etc) removes that from scope as well |
|
I would propose that each data element be discussed as an issue to be sure that we appropriately decide to hold or not hold it. At the very least, we will need some PII to contact individuals and relate their digital registration to a particular individual. I would be against allowing organizers to pick and choose, as the issues are complex and the respect for privacy varies dramatically. |
|
Agree with Steve, We need a secure by design approach, it would take only a single breach to violate trust. |
|
Pivoting to the user point of view (attendees and speakers), I'd like to propose the following capabilities please. As an attendee and/or speaker, I can:
For items 1 and 2, the granularity would require a good balance of what makes sense for users (too many options to subscribe and unsubscribe would not be great from usability) and for organizers. Thoughts? |
|
Accessibility Links: |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
We will be handling a lot of PII data.
How to make sure we keep the data safe?
How do we make sure that both attendees stay in control of their data?
And give them a way to share as much or little as they want with the sponsors?
What do we do with indirect PII data?
The text was updated successfully, but these errors were encountered: