Create a Whistleblowers policy for Privacytools. #5
Conversation
In order to develop a proper policy for safe whistleblowing, I wrote this early draft from which we can move further.

I propose, as written above, to create two roles: an internal and an external compliance officer. By default, complaints and reports should be sent to the internal compliance officer, who should deal with the issue. However, if the person with the complaint or report feels uncomfortable talking to the internal officer, they may choose to report to the external compliance officer. An example of the need for this is the situation where the complaint is about the internal compliance officer themself.

I would think that, as community manager, it would be fairly appropriate if I became the internal compliance officer, but we still have to get an external compliance officer, who should be someone from outside of the PTIO team but still a trusted, independent person or organization.

I'm looking forward to developing this into a mature policy and guideline, and rolling this out :)
There currently seems to be nothing about transparency. Also, technically I think the file should be closer to markdown format. As an internal compliance officer, would you be creating a GPG key? Currently only you, @BurungHantu1605 and Trai seem to be missing one. CC: @privacytoolsIO/content
Good catch. Co-Authored-By: Mikaela Suomalainen <mikaela@mikaela.info>
I may do that. The role appointment will come last; I would first like to focus on the policy itself, then choose who takes on the role, and how he or she should be made reachable. @danarel already mentioned in the team chat that SecureDrop may be a good option as well. As PGP may be a bit confusing for less technical people, I agree with it.
Thanks for working on this important policy @blacklight447-ptio! Of course, whistleblower policies are intended first and foremost to protect whistleblowers and make it more likely that any dirty backroom dealings are exposed. With this in mind, the whistleblower policy should provide protection for multiple reporting options, including SecureDrop, forum, GitHub and emails/messages/calls for advice etc. I love your idea of having an inside and "external" compliance officer who could offer confidential feedback. Blowing the whistle is never easy to do, and sometimes talking with a third party can help.
@LizMcIntyre hey there, I'm glad you like it. There is still a lot of work to do, like working out who shall become the internal and external compliance officers, and some further niche details.
LGTM so far, thanks @blacklight447-ptio |
I have created a draft page on the wiki for this policy: https://wiki.privacytools.io/view/Whistleblower
How can the public or non-Team Members access the wiki @jonaharagon @blacklight447-ptio? Is there a place where we can see the latest policies or the progress on them? |
@LizMcIntyre blacklight left a link in his last comment here. |
Yeah, we figured a wiki would be a more user-friendly place to view policies like this, as GitHub might scare off some new community members who are not familiar with it (while basically anyone on the web is familiar with a wiki).