[Chapter-delegates] Notice: Privacy Policy and Personal Data / Email Opt-In

[Sohaib Saleem]

Thank you Todd for this email and very right in saying that we have live up
to standards we advocate for. This will also help us in identifying the
dead emails.

Looking forward to the information session :))

--
Best Regard,

Sohaib Saleem
President ISOC Pakistan
+92 300 919590

On Sep 4, 2017 5:41 PM, "Todd M. Tolbert" <tolbert at isoc.org> wrote:

Good Day Chapter Leaders,



First of all, apologies for the lengthy email, but the topic requires a bit
of background…



Over the last nine months, a small focused team of ISOC Staff and our
General Counsel have been discussing the need of ISOC to update our Privacy
Policy.

We looked at it from the perspective of maintaining personally identifiable
information (PII) of our members while balancing our commitment to privacy
in maintaining that data and adherence to numerous privacy laws around the
world.



This presented us with an opportunity to review our data from the
perspective of where we obtained it, and if had we obtained consent
(opt-in) to have and use that data.

We found that in many unintentional ways we were not living by the
standards we advocate for, and we were most likely not going to meet the
requirements of the EU GDPR and other laws in other countries around the
world.



The main issues are:

1)    Our Privacy Policy had been out of date for some time and does not
include up-to-date, best-of-breed standards that need to be met for legal
and advocacy reasons.

2)    We had not received an implicit opt-in to send email to many
individuals in our database.

3)    We have never asked for an implicit opt-in to hold and utilize PII.

4)    Where we had input non-member data for individuals, we have not been
tenacious about recording where the data came from (business cards from
meeting at events, etc).

5)    We found that our methodology for opting OUT of emails or cancelling
membership and removing PII would not pass any current legal review,
including CAN-SPAM, CASL and the new GDPR (US Antispam Law, Canadian
Anti-Spam Law and European Commission General Data Privacy Regulations).



We have completed a re-write of our Privacy Policy to meet or exceed many
privacy laws and have published that statement of policy on 18 August. To
facilitate this new policy, we rewrote some areas of the Membership
Management Portal and the Email Preference Center and will be rolling those
out as soon as possible.



Why is this important for ISOC?

•       Legal compliance - GDPR and likely other laws around the world will
require this at some point in the very near future.

•       Meeting our Ethical Data handling responsibilities as an
organizational citizen on the Internet

•       Laying the ground work and asking permissions to collect more data
about our relationships with members of all types so that we can better
service the needs of the community.



And while not mission based, this work also gives us the opportunity for
cleaning up our database in preparation for a new Association Management
System (AMS) in 2018.



The final step for ISOC is to follow GDPR standard by asking all members to
opt-in for email communication and opt-in to allowing ISOC to maintain PII
in our systems.  The notification will start with the roll-out of our new
Membership Management Portal which *will happen in the next seven days*.
The first time a member logs in to an ISOC web property (Connect, Inforum,
Email Preference Center or the Membership Management Portal) we will ask
for this opt-in. After InterCommunity 2017, we will start an active email
campaign to request this re-opt-in to all member email addresses in our
database.



At that time, we would like to hold some information sessions with the
chapters on the next steps with regards to the opt-in process.  At this
point we wanted you to be aware of the newly published Privacy Policy and
the capabilities that will be available to all current members, new members
and non-members in our database.



Thank you very much,

Todd





-- 

Todd M. Tolbert
Chief Administrative Officer
Internet Society

1775 Wiehle Avenue, Suite 201

Reston, VA 20190

E: tolbert at isoc.org
Zoom.us <https://isoc.zoom.us/>: tolbert at isoc.org



_______________________________________________
As an Internet Society Chapter Officer you are automatically subscribed
to this list, which is regularly synchronized with the Internet Society
Chapter Portal (AMS): https://portal.isoc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20170904/b67d2222/attachment.htm>