When collecting metrics, local and NASA's privacy policies have to be
followed.
NASA's privacy policy is posted at:
http://oodt.jpl.nasa.gov/wiki/download/attachments/23003201/NPD-1382.17H.pdf?version=1&modificationDate=1274743214774
These policies only apply to NASA Centers.
The policy defines Information in Identifiable Form (IIF) to be any
information that can directly identify an individual. This includes
name, address, SSN, identifying number or other elements that can
identify an individual (race, gender, birth date, geographic location).
Other laws and regulations extend IIF to include e-mail addresses,
biometric records, phone numbers, and demographics.
Some have interpreted NASA's "identifying number" to include the IP
address of an internet request. I think this is a misinterpretation
since IP addresses are assigned to machines and not people. While an individual
may primarily use a machine, they may use other machines and so the IP
does not "directly identify" the individual.
NASA's Privacy Procedural Requirements is posted at:
http://oodt.jpl.nasa.gov/wiki/download/attachments/23003201/NPR-1382.1.pdf?version=1&modificationDate=1274743214826
It defines the procedures required to protect "Personally Identifiable
Information" (PII). If any information collected is determined to be
PII it must be protected according to the stated procedures.
If all we collect are IP addresses associated with requests, I think
the information collected is not IIF or PII and we are not constrained
by these policies and requirements.
Do we need lawyers to comment?