|
|
 |
 |
| ISTPA Privacy Statement |
| |
Effective January 1, 2000
Introduction
The International Security, Trust, and Privacy Alliance (ISTPA) has created this privacy statement in order to demonstrate our firm commitment to privacy and forwarding solutions to a core set of dependent and fundamental issues facing e-commerce and information society. As a not-for-profit organization dedicated to acting as an international forum and clearinghouse, developing and supporting technology standards and solutions for online security, trust, and privacy we are keenly aware of the many regulatory, technological, and market efforts underway to address privacy. ISTPA has created this privacy statement as one component of a comprehensive Security, Trust, and Privacy Framework we have taken the challenge to shape and forward.
ISTPA As Example
In view of our mission and work with Data Protection Authorities (European, Canadian, and others), US government agencies, industry, online privacy alliances, legal experts, citizens and privacy advocates, we’ve created this privacy statement, not only to demonstrate our commitment to privacy but in setting an example in how organizations can utilize emerging technology to squarely address the security, trust, and privacy challenges facing our expanding digital economy and rapidly evolving information society.
In the months to come ISTPA will add to this web site a machine-readable XML version of this privacy statement utilizing the W3C’s Platform for Privacy Preferences (P3P) work and those of its contributing members. With the assistance of our Proof of Concept team we expect to demonstrate the automated reading and assisted negotiation of privacy preferences in the near future.
Acknowledgements
We would like to acknowledge the work of our member technology and service firms, to TRUSTe, (Privacy Wizard), PricewaterhouseCoopers LLC (Privacy Statement), the W3C and its members (AT&T P3P Proposal Generator and Microsoft P3P Privacy Wizard), Data Protection Authorities, US regulators and legal experts as much of their efforts have contributed to this privacy statement. A special thanks to Diana Alonso Blas of the Registratiekamer (Dutch Data Protection Authority) in more fully understanding the underlining rationale of the EU Data Protection Directive, the work of the Article 29 Working Party and specifically the Directive as it applies to not-for-profit organizations such as the ISTPA.
Contact Us
Should you (our web site guest or members) have comments or questions, feel free to direct these to our privacy office at privacy@istpa.org. We look forward to an active and productive dialogue with visitors and our members.
The ISTPA Privacy Statement
- What information do we collect?
- How is personally identifiable information used?
- Are Cookies used?
- Is information disclosed to Third Parties?
- How long is the information kept?
- Links to Third Party Sites
- What choices are available for collection and use?
- Can I change or delete the information later?
- How is my information secured?
- Who are the data controllers and which sites are included?
- Changes to the ISTPA Privacy Statement
- Children's online privacy protection
- Contact our privacy office
- What information do we collect?
Visitors
The web site automatically logs and collects IP address information (not your e-mail address) to help diagnose problems with our server and to administer our Web site. The web site does not collect any personally identifiable information from visitors to our web site.
Member Applicants and Membership Information
Member applicants may choose to fill out a downloadable Membership Agreement, Member Information Sheet, and Member Representative Datasheet located on our Web site. This data is submitted offline and is not processed via the ISTPA web site. The data collected offline includes, Company Name, Annual Revenue Category (used in membership fee assessment) Subsidiary Status, Parent Company, Company URL, Company Description, Primary and Billing Contact(s), including First and Last Name, Address, Country, Phone, Fax and Email ID.
Visitor Email
Visitors are able to send email through the site. Their messages will contain the email address, as well as any additional information the user may wish to include in the message. Because we use the web site as a membership-recruiting tool, a visit to the web site may also result in the user sending a Member Information Sheet to our webmaster. Although we do not process membership data directly with web-based forms we do accept enrollment material as email attachments.
Sensitive Information
ISTPA policy is not to seek any sensitive information through our web site. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature.
- How is personally identifiable information used?
The Membership Agreement, Member Information Sheet, and Member Representative Datasheet information is used to process a request for ISTPA membership and is used for billing purposes, enrollment into ISTPA working committees, communication and document exchanges (e.g., email, telephone, fax, and DocSpace) amongst members. The company contacts submitted in the Member Information Sheet or Member Representative Datasheet are published within ISTPA’s Members Only portion of the web site. ISTPA's working committees and members utilize the contact information for forwarding ISTPA projects. ISTPA does not rent or sell member information.
Publication Ordering
Although most publications are provided as free downloads, members and visitors may also have the opportunity in the near future to purchase ISTPA publications either online, by calling toll free numbers, or by faxing order forms. We will collect order information and a customer's credit card information, where applicable, in order to facilitate shipment and payment for the publication.
- Are Cookies used?
Cookies are not used on the visitor portions of our site. They are used in the Members Only portion of the ISTPA web site.
Generally a cookie is generated by a software application on a site's server which enables it to customize services to the interests of the user by tracking the user's navigation through a small text file on the user's hard drive. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area.
Because cookies can be used to track navigational habits, store information on the user's hard drive, and in their early use were not disclosed to the user, the use of cookies has previously raised significant privacy concerns. However, cookies are used to aid in managing web site navigation and facilitate access control features.
If you are concerned about cookies, most browsers now recognize when a cookie is offered, and permits users to opt-out of receiving it. If you are not sure whether your browser has this capability, you should check with the software manufacturer or your Internet Service Provider. It is ISTPA policy to use cookies to make the use of our web Members Only secure and facilitate efficient and accountable use of the document management procedures.
In order to properly manage our web site we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.
- Is information disclosed to Third Parties?
It is ISTPA policy to only disclose information to third parties under the following circumstances:
- as required by law through subpoena, search warrant or other legal process
- when explicitly requested by a visitor or member
- when required to deliver publications or reference materials requested by a visitor or member
- when required to facilitate conferences or events hosted by a third party.
We note that ISTPA's policy is to disclose these parties upon visitors submitting their requests e.g. when ordering a publication, we display the party fulfilling the order. We do not use cookies to collect and distribute information to third parties for any purpose.
ISTPA encourages all web visitors to review the privacy and security policies of all externally linked reference and other services sites. These policies are usually found on a footer on the sites' home page and/or at the point of collection of personally identifiable information.
ISTPA does not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.
- How long is the information kept?
Some of the information we receive is not kept - for example, we usually do not keep mailing addresses for white papers. Contact information about visitors (such as information generated through registration for access to areas on the site) will be kept as long as the information is required to completely service the contact request or until a user requests that we delete that information. Mailing list information, discussion posts and email are kept for only the period of time considered reasonable to facilitate the visitor's requests.
- Links to Third Party Sites
Because ISTPA wants to act as a forum and clearinghouse for security, trust and privacy work we provide a number of links to third party sites. ISTPA assumes no responsibility for the information practices of sites a user is able to access through ours, and encourages visitors to review each site's privacy policy before disclosing any personally identifiable information.
- What choices are available for the collection and use of identifying information?
As a policy, visitors are not required to register to gain access to the visitor areas of the ISTPA web site. In certain cases in the future, as our ISTPA web site capability expands, we may require visitors to register in order to obtain a user-id and password, or certificate for authentication and secure access to a Proof of Concept demonstration or ISTPA publication.
Personally identifiable information provided to ISTPA through its web site for such demonstrations, or publication requests is provided voluntarily by visitors. Should visitors subsequently choose to unsubscribe from future mailing lists (presently there is no newsletter mailing list) or any conference registrations, we will provide instructions on the appropriate web site area or in communications to our visitors; or a visitor may contact the webmaster of the appropriate site e.g. webmaster@istpa.org .
- Can I change or delete the information later?
Each member has the right of access to personal data they have submitted through the member registration process or sent by email to ISTPA.
Member updates of information should be handled by going back through the registration process. Inquiries about the accuracy of identifying information previously submitted to ISTPA through its enrollment process, or requests to have outdated information removed, should be directed to: webmaster@istpa.org. ISTPA is committed to providing reasonable and practical access to members to allow them the opportunity to identify and correct any inaccuracies. When requested, ISTPA will delete identifying information from current operational systems.
When personally identifiable information is retained, ISTPA assumes responsibility for keeping an accurate record of the information once a enrolling member has submitted and verified the data. ISTPA does not assume responsibility for verifying the ongoing accuracy of the content of personal information. When practically possible, if ISTPA is informed that any personal data collected through our enrollment process is no longer accurate, ISTPA will make appropriate corrections based on the updated information provided by the member.
- How is my information secured?
ISTPA has implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorized ISTPA members are provided access to personally identifiable information and these members have agreed to ensure confidentiality of this information. ISTPA policy is to use secure socket layer technology for the protection of ISTPA committee document exchanges. This policy is also required for any fulfillment agents of ISTPA.
- Who are the data controllers and which sites are included?
This privacy statement applies to the ISTPA web site located within the domain: http://www.new-istpa.org. The data controller collecting the data described herein is ISTPA. By submitting data on ISTPA's web site, or our email address, the enrolling member, member or visitor is providing explicit consent to transborder transmission of data collected on the web site for the fulfillment of their voluntary membership, publication or ISTPA Proof of Concept requests.
- Changes to the ISTPA Privacy Statement
ISTPA reserves the right to modify or amend this Statement at any time and for any reason. Nothing contained in this Statement is intended to create a contract or agreement between ISTPA and any user visiting the site or providing identifying information in any form.
In order to keep members and visitors informed, ISTPA will ensure that we notify users of changes to our Privacy Statement by identifying the alteration for a period of not less than two weeks on our web site at http://www.new-istpa.org and identifying the effective date at the beginning of this statement.
- Children's online privacy protection
ISTPA understands the importance of protecting children's privacy especially in an online environment. The ISTPA web site covered by this privacy statement is not intentionally designed for or directed at children 13 years of age or younger. It is ISTPA's policy never to knowingly collect or maintain information about anyone under the age of 13.
- Contact our privacy office
Although our privacy statement is limited to the site listed above, we welcome your inquiries or comments about our privacy statement and any queries or concerns that you may have about ISTPA's web site. You may direct these to our privacy office at privacy@istpa.org.
To promote Website visitors' education and understanding of privacy issues, we have developed a resource on privacy issues, news, and organizations. We invite you to visit: Network.
|
|
