EFF Releases Updated White Paper on Best Practices for Online Service Providers
EFF Releases Updated White Paper on Best Practices for Online Service Providers - Via EFF.org Updates:
Today EFF released a revised white paper on Best Practices for Online Service Providers, an update of the 2004 OSP Best Practices white paper. In the white paper, EFF offers some suggestions, both legal and technical, for the best privacy practices for collecting, storing and disclosing data that balance the needs of OSPs and their users' privacy and civil liberties.
OSPs are vital links between their users and the Internet, offering bandwidth, email, web, and other Internet services. In the process of offering services, OSPs collect and store detailed information about their users and their user's online activities.
User information can be of great interest to the government and civil litigants, leading to numerous requests from law enforcement and lawyers to hand over private user information and logs. Yet, compliance with these demands takes away from an OSP's goal of providing users with reliable, secure network services.
In the OSP Best Practices white paper, we offer information for OSPs in order to help them make sound, ethical decisions about how to safeguard private data and preserve freedom of expression online.
Summary of Recommendations
- Develop procedures for dealing with legal information requests and providing notice to users.
- Work with both attorneys and engineers to develop a privacy policy that fits your OSP’s practices.
- Collect the minimum amount of information necessary to provide OSP services.
- Store information for the minimum time necessary for operations.
- Effectively obfuscate, aggregate and delete unneeded user information.
- Maintain written policies addressing data collection and retention.
- Enable SSL as much as possible throughout your site to secure users’ information and communications.
- Understand threats to the security of sensitive information and communications on your systems, and mitigate them appropriately.
- Follow best-practice principles for the use of cookies on your site.
- Insist that the OSPs and other service providers you work with observe these best practices, too.
OSPs can face many other legal issues beyond user privacy, from DMCA takedown requests to defamation claims to issues with adult materials. While these are outside the scope of the OSP Best Practices paper, EFF recommends that OSPs review the EFF Bootcamp materials, which provides the basics on a number of key legal issues for Web 2.0 companies. We also recommend reading EFF’s Legal Guide for Bloggers, which provides a basic roadmap to the legal issues one may confront as an online publisher.
(Read Original Article - Via EFF.org Updates.)
Twitter
Digg
StumbleUpon
Technorati
del.icio.us
Facebook
Furl
LinkedIn
YahooRecent blog posts
- How Privacy Vanishes Online
- Undercover Feds on Social Networking Sites Raise Questions
- FBI Uses Fake Facebook Profiles To Spy On Suspects
- Lawrence Lessig: Citizens Unite
- Case Report – BCCA says aerial surveillance by telphoto zoom lens not a search
- Obama threatens to veto greater intelligence oversight
- EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic
- Who You Love Shouldn't Matter When You Serve
- EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites
- Smackdown: Consumer Privacy vs. Advertiser Revenue
