 |
||
|---|---|---|
ITCOM |
|
|
Public and Private Data |
|
While the required USPS Privacy Statement and Disclaimers are directed at visitors to our sites, the webmaster of each site has explicit responsibilities to protect the privacy of members and non-members by selecting what information is available for viewing by the public. This includes, but is not limited to, online editions of membership rosters, email address directories, and member-only course and event listings. For instance, while the names of national, district, and squadron bridge officers and executive committee members may be public knowledge, their telephone numbers, home address and email addresses may not. Consequently, before posting any of the above information for public viewing, the webmaster should get permission from the impacted individuals to allow display of that information. The webmaster is also responsible for safeguarding information about all members (and non-members) which is not for general public display. This could include making sure that member email directories or information concerning squadron only activities is not displayed on a page to which the public has access. Methods for doing this are briefly touched on below. USPS has two general classes of national site. The first is the public USPS pages and the second are "Member's Only" (or Committee) pages. A mechanism (customized CGI programs, web server configuration files, and cookies) has been provided to give the "Member's Only" pages a level of security to discourage casual public browsing. The webmaster of squadron or district pages is responsible for making sure none of the links on his/her site bypasses this mechanism and allows the public access directly to specific pages in the non-public site. If there is a desire to link to pages in the national "Member's Only" part of the site, the webmaster should request permission to put up the link from the author of the page. Some exceptions to this rule, for instance access to the Ensign and Boating Course/Boat Smart description pages is unrestricted, exist. The webmaster should check however, before assuming public access is intended. One method a webmaster can use to protect information is to divide it into public and private sections similar to the way the USPS pages are divided. Private pages may be protected in a manner similar to the USPS pages, which is only meant to discourage casual public browsing. If stronger protection is required, login protection with specific user names and passwords for members only may be used. These methods can include server-side CGI programs (Perl, PHP, Shell, etc), client-side (browser) cookies and Javascript, and web server authorization functions (htaccess/htpasswd). For help or more information on setting up the required security for private "Member's Only" pages, contact any ITCom member. |
|
References The Governing Board policy which deals with the privacy of member names, addresses and related roster data is referenced in the Operations Manual, Section 7.9: A roster or directory of officers, members and committees is to be considered strictly proprietary and not available to any outside individual, organization or agency. No member of USPS may use any such source for any purpose, public or private, outside the normal activities of USPS without approval by the Operating Committee. |
|
|