I run a small php/mysql website for a camera club where users can upload photos. I have recently started storing email addresses for doing password resets.
My question is what is the best practice for dealing with users' personal information: are there any laws/legislation regarding what I can do with personal information? Do I need to display my policy for dealing with personal information?
Any further information regarding this subject is greatly received.
Thanks
It's legal to store email in your database. Are you gonna store other more personal information like Credit Card? This might be more problematic.
You have rules about storing credit card information. Abut personal information as name, telephone, etc, i think it's depends from the country. In Australia for example, they have a specific act about it: http://www.privacy.gov.au/publications/ipps.html. You must check in your country. Here in Germany, we are having a lot of troubles with information leakage.
This is something you probably should seek legal advice on, but here are a couple basics, as I understand them (in the US):
First, the main regulator of this issue in the US is the Federal Trade Commission. They have some materials on their website you can look at. The two fundamentals are that you should have a privacy policy and that you should do what it says. If you just download a policy from somebody else’s site and don’t actually do what it says, you can get into trouble.
The second thing to think about is these more recent state laws that require notification if your security gets breached. Here’s a resource on that. Some of those have “safe harbors,” meaning rules that let you get in less trouble for violations, if you encrypt data.
I’m not giving legal advice - this will depend on your location and many other factors, but these are some issues to look into with a lawyer.
There'a privacy policy generator and some templates/examples on the web:
http://www.dmaresponsibility.org/PPG/
and some links here:
http://www.gabrielweinberg.com/startupswiki/Ask_YC_Archive#toc28
(sorta off topic) YOu need to be vigilant at a couple layers: keeping up with PHP's patches, and updates for all public-facing softwaer (web server, load balancer/proxy), and making sure that if somebody does get root and filesystem access on the server, they still can't read the MySQL data: I don't remember much about PHP, but I'm sure there's facilities for encrypting the data either on client, or server-side. Here's a rails/mySQL example
http://www.rorsecurity.info/journal/2007/2/27/rails-friends-securing-mysql-continued.html
IANAL, but after studying the regulations, consider the privacy policy from your users' point of view. They probably know what you are going to do with the information, and also what you are doing to protect their information from unauthorized used by others into whose hands it could fall.
For example, do you intend to use the email addresses for sending them promotional messages? Do you have an opt-out policy? Would you ever consider selling your email list? It could have some commercial value due to the special interest (photography) of the users. Can you promise never to sell their email addresses? Or if you can't promise that, can you promise to warn them before you do that?
Would you ever release personal information about the user who posted a particular photo? Even an innocuous-looking photo of a couple or a child could have unforeseen consequences if the identity (and location) of the photographer were revealed.
Think also of the viewpoint of the club leadership. They don't want to get in trouble with their club members because you have released (or sold) their personal information, or the club's membership list.
To earn the trust of the club leaders and members, consider stating your policy clearly. Mention that the policy might change. You could give the member the option of declaring that all of their personal information will be kept confidential.
If you are seeking to expand your website, you will benefit from having your user's trust.
Canadian requirements can be found here.
They provide an excellent summary of the requirements:
Be accountable - do your best to protect the names and emails you have been given.
Tell your users what information you're keeping and what you're doing with it
Obtain consent - that might be as simple as telling your users that their consent is assumed
Limit collection to only the data you need
Limit the use, disclosure and retention of the data
Be accurate - Do your best to keep the emails up-to-date and correct
Use appropriate safeguards
Be open - post your privacy policy
Give individuals access to the data you are keeping about them
Provide recourse - appoint a "privacy officer" to receive complaints
Posting photos of people without their consent, which is normally achieved through a "release form" could pose some problems. The website I'm involved in has a privacy statement similar to this wherever photos are posted:
This site contains pictures of .... If for any reason, you would prefer your name or picture not to be used, please contact the [email protected] and it will be promptly removed.
P.S. Good for you for proactively addressing this issue.
This is really basic thing, but sometimes featured on thedailywtf.com.
Don't store passwords in clear text.
If you run passwords through a function like md5 before storing them, that makes your username and password database worthless to thieves.