POPVOX on PRIVACY
POPVOX has a new privacy policy, one that balances input from very idealistic co-founders and from very thorough lawyers. Like the site, it will remain a work in progress. As new features are added or new technology becomes available, we will adjust, and we would appreciate your feedback (at privacy@popvox.com) in helping us discover the technologies and practices that make a shift appropriate.
At many points, the team discussed that POPVOX has a strong business imperative to get privacy right. Civic engagement is different than many other online activities. It requires a neutral, trusted platform. At several points in our discussions, we found ourselves asking, “if we don’t do this, who will?”
The policy is not boilerplate. We asked experts and debated clauses and pared down where we could while staying within the confines of what our lawyers advised. With the legalese structure in place, we will continue to seek input, refine the policy and make improvements when we find a better approach.
A few days ago, I posted the question “what are privacy best practices for start-ups?” on Quora, a question-and-answer site that has become a place for discussion for the tech/startup world. I also joined a weekly Tuesday "Privacy Chat" on Twitter, hosted by @CenDemTech (The Center for Democracy & Technology) and @PrivacyCamp, in which interested participants discuss several privacy-related questions by following the #privchat hashtag. I am grateful to the participants in that chat and Quora contributors, and wanted to respond to some points that came up directly. Points made via Twitter are in italics below:
@WarrenEHart "define, communicate, and stick with a clear view of your users' privacy. Write a short, clear, simple English privacy policy."
POPVOX is a platform for civic engagement that must address two potentially contradictory data needs: (1) The need to provide users with a safe, trusted environment for providing input on legislation - input that can sometimes be quite personal or private, and (2) The need to provide very specific, personally identifiable data to Congress, to ensure that constituents’ input is weighed appropriately.
POPVOX only works if we balance these two requirements appropriately. Here is how we address them:
1. You can use the site without creating an account. You can access bill information, comments, and position papers from organizations.
2. In order to take a position on a bill or leave a comment, you must create an account. You may create a new name/password login; we also allow the option of using Google, Twitter or LinkedIn OAuth. The information is shared in the following ways:
- Your real name, email, & physical address are shared in an email to your legislator. (This is an “only as much data as we need” issue: your legislator requires it in order to process your message.)
- Your screen name, Congressional district, and comment are publicly available on POPVOX. The public nature of your comment is the key to the effectiveness of POPVOX - to show real-life, curated examples of what people really think about legislation. If you do not want your comment to be public, just choose to support or oppose without leaving a comment, and email your legislator outside of the POPVOX platform.
- If you come to POPVOX via a link from an advocacy organization and you opt to share your information with that organization (via a check box identifying the option and the Organization’s name under the “take action” button) your name, email, and zip code will be shared with that organization.
@PRC_Amber Have a point person for privacy by design. Craft an honest / transparent privacy policy and use it as a guide. #privchat
@alexanderhanff #privchat also you have to be approachable. if a potential or existing customer wants to talk about privacy don't just send them to PP
@NovakKevin #privchat: do your homework upfront before running off in development
@jdp23 Fair Information Practices. get feedback from experts and consumers! treat it as a business priority. #privchat
@GetAbine Collect only the data that's absolutely necessary, & be clear & open about that with customers. #privchat
@PogoWasRight If you're gutsy, run your PP by privacy advocates to see what questions or concerns we have while reading your policy. #privchat
@GetAbine Dedicate your startup to privacy protection & never sway in your vision. Don't sell out. Don't be evil. #privchat
@alexanderhanff Haha, well what about lawyers who ARE privacy advocates? We exist; I'm one of them. #privchat
@alexanderhanff #privchat once established, don't stop, have regular #privacy audits and reviews the same as you do for other areas of your business
@WarrenEHart don't be a weasel. Tell me up front if you're going to use my name / comments in ads to my friends
#privchat Net of discussion: HTTPS = "just do it"