Discussion:
Privacy issues & encryption of data
Jeff Rose
2013-11-19 17:35:00 UTC
Through my 9-5 job yesterday, I was informed that beginning next year, the
state of California (maybe others) will require more personally
identifiable information stored in websites to be encrypted.

This includes usernames, email addresses and even first & last names, which
WordPress stores in clear text.

This not only affects sites located in California, but also those who may
have users FROM California.

I'm wondering if anyone has thoughts (not to be taken as legal advice) on
how to handle this in WordPress, or if WordPress core will address this.
--
Jeff Rose
------------------
http://www.jeffrose.ca/twitter
http://www.jeffrose.ca/facebook
Otto
2013-11-19 17:42:58 UTC
If it's a California law, then it realistically only affects people
living in California. If I don't encrypt, then California cannot do
anything about it because they lack jurisdiction over me.

But I did a quick search and I cannot seem to find any such law. There
was a report in July about California possibly passing such a law, but
the articles on it were short on specific details. Certainly, there
are existing laws to protect information such as social security
number, healthcare info, etc, but "name+email" isn't one of those
things covered by existing law I can find.

Obviously, if such a law exists and affects any significant portion of
the userbase, then WordPress will address it appropriately. But we'd
need more information than rumors. Laws are written down, so I should
be able to find it and read it, if it exists at present.

-Otto
Amy Hendrix
2013-11-19 17:56:17 UTC
Everything I found refers to this year's update of the California
Online Privacy Protection Act of 2003. It requires that sites that
collect information from customers have clearly posted privacy
policies; the new update covers recent innovations like Do Not Track
settings. Nothing about encryption, or indeed about user data in the
WP sense of "user".

A decent plain-English explanation is here:
http://blogs.lawyers.com/2013/10/california-online-privacy/

The law itself is here: http://oag.ca.gov/privacy/COPPA
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Guus (IFS)
2013-11-20 16:29:44 UTC
Has the world gone crazy, same as with this weird Cookie law in The Netherlands?

How can decent websites work without cookies and how annoying for all those
people having to click something to agree with it.

And make people scared for nothing.

Matt Sowden
2013-11-21 14:06:31 UTC
It's privacy compliance laws that some governments are implementing now. UK has done it as well [1]. A workaround for some implementations could be to use a bar at the top of the page on the user's first visit that says "By continuing to use our site you agree to the use of cookies" like some sites have done. There really isn't a good way to get around the benefits it provides.

[1] http://www.ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies

Best,
Matt Sowden
+mattsowden
@mattsowden

Guus (IFS)
2013-11-23 16:39:01 UTC
Yeah, I know what the background is.

But to me it's still something like asking permission from car buyers if
it's ok if the car has a differential. What's the use of the question? I may
not want it, but without it the car won't work properly.
