We are working on privacy policies within SurveyStack, and realizing maybe we need a two tiered system. One tier is SurveyStack’s baseline policy, which (I think) is just a description of the privacy options (private v public data) and some information about how it may be accessed internally by developers for bug fixing, no use by third parties, no sharing ever… etc.
But then we need another layer which is organizationally determined. So if OpenTEAM has an organization in SurveyStack (or GM, or whatever) they should be able to layer a policy on top of ours. That policy may be more detailed about farmers rights to data, or sharing with third parties, or other conditional use. This should be defined in the organizations admin profile.
Does this sound right? What is the status of OpenTEAMs privacy discussions? Is there someone in the community who can help get this kind of wording right - like do we have a lawyer or something? In the case of other platforms… what do you do? Do you feel like you have a good process, or would like some help on this?
Any thoughts / ideas would be helpful.