Create a Whistleblowers policy for Privacytools. #5

Closed

blacklight447-ptio commented Feb 7, 2020

In order to develop a proper policy for safe whistleblowing, I wrote this early draft from which we can move further.

I propose as written above to create two roles, an internal, and an external compliance officer. By default, complaints and reports should be sent to the internal compliance officer, which should be dealing with the issue. However if the person with the complaint or report feels uncomfortable with talking to the internal officer, they may choose to report to the external compliance officer. An example for the need for this is the situation where the complaint is about the internal compliance officer themself.

I would think that as community manager, it would be fairly appropriate if I became the internal compliance officer, but we still have to get an external compliance officer, which should be someone from outside of the PTIO team, but is still a trusted, but independent, person or organization.

I'm looking forward to develop this into a mature policy and guideline, and roll this out :)

Mikaela left a comment

There currently seems to be nothing about transparency. Also technically I think the file should be closer to markdown format.

As an internal compliance officer, would you be creating a gpg key? Currently only you, @BurungHantu1605 and Trai seem to be missing one.

CC: @privacytoolsIO/content

good catch.

Co-Authored-By: Mikaela Suomalainen <mikaela@mikaela.info>
blacklight447-ptio commented Feb 7, 2020

> There currently seems to be nothing about transparency. Also technically I think the file should be closer to markdown format.
>
> As an internal compliance officer, would you be creating a gpg key? Currently only you, @BurungHantu1605 and Trai seem to be missing one.
>
> CC: @privacytoolsIO/content

I may do that, the role appointment will come last, I would first like to focus on the policy itself, then choose who takes on the role, and how he or she should be made reachable. @danarel already mentioned in the team chat that securedrop may be a good option as well. As PGP may be a bit confusing for lesser technical people, I agree with it.


LizMcIntyre commented Feb 7, 2020

Thanks for working on this important policy @blacklight447-ptio!

Of course, Whistleblower policies are intended first and foremost to protect whistleblowers and make it more likely that any dirty backroom dealings are exposed.

With this in mind, the Whistleblower policy should provide protection for multiple reporting options, including secure drop, forum, github and emails/messages/calls for advice etc.

I love your idea of having an inside and "external" compliance officer who could offer confidential feedback. Blowing the whistle is never easy to do, and sometimes talking with a third party can help.


blacklight447-ptio commented Feb 7, 2020

@LizMcIntyre Hey there, I'm glad you like it.

There is still a lot of work to do, like working out who shall become the internal and external compliance officers, and some further niche details.


nitrohorse left a comment

LGTM so far, thanks @blacklight447-ptio


blacklight447-ptio commented Feb 9, 2020

I have created a draft page on the wiki entry for this policy: https://wiki.privacytools.io/view/Whistleblower


JonahAragon commented Feb 13, 2020

.github is not the correct location for these files, so I'm closing this issue. We'll work on this entirely on the wiki.


LizMcIntyre commented Feb 18, 2020

How can the public or non-Team Members access the wiki @JonahAragon @blacklight447-ptio? Is there a place where we can see the latest policies or the progress on them?


JonahAragon commented Feb 18, 2020

@LizMcIntyre blacklight left a link in his last comment here.


blacklight447-ptio commented Feb 19, 2020

Yeah, we figured a wiki would be a more user friendly place to view policies like this, as github might scare off some new community members who are not familiar with it (while basically anyone on the web is familiar with a wiki).
