Leo, On timings... my justification here is that the dates of meetings aren't set, so there's a twofold problem, really. I would like the record to be kept for at least the two meetings following the event at which the CoC was breached (and yes, I'm assuming that most of our breaches will happen at meetings). Furthermore, if one autumn meeting happens in October and the next in November, that means the information may, in some circumstances, only be held for one meeting. On the major and minor, I'm not saying we should determine them, rather I'm saying that classification in general might not be a great idea. Brian Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: Leo Vegoda <leo@vegoda.org> Sent: Friday 1 April 2022 15:26 To: Brian Nisbet <brian.nisbet@heanet.ie> Cc: coc-tf@ripe.net <coc-tf@ripe.net>; chair-team@ripe.net <chair-team@ripe.net> Subject: Re: [coc-tf] CoC Process and Next Steps CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Hi Brian, On Fri, Apr 1, 2022 at 1:37 AM Brian Nisbet <brian.nisbet@heanet.ie> wrote:
Leo,
Great stuff, thank you!
The data protection piece is fair, albeit I'd love to expand that to 18 and 36 months to guarantee it covering 3 meetings to more easily spot patterns, but Athina is the expert here.
We didn't spend a long time discussing the specific periods. I suppose there are two questions: - What advantage do we get from retaining records for 50% longer? - How difficult would it be to change the record retention policy, if the Code of Conduct Team wanted to do so?
Under 4 we still say: "In all cases, the RIPE Chair Team and the RIPE NCC will be informed of a decision by the CoC Team before it is implemented." Is it intended to change that language to reflect only major (you said significant, but if we're using minor/major language elsewhere, I'm assuming significant = major) breaches will be informed prior to implementation?
You are right. That needs to be adjusted before we publish the draft.
My biggest concern is that we now have to create broad classifications of what a minor or major breach is, which I'll admit I'd been hoping we could avoid.
Can we not leave that to the Code of Conduct Team, when they are selected? We have given non-exhaustive examples in the lists. If we try to define major and minor we'll still need the Code of Conduct Team to apply their good sense when something different happens. Perhaps it is simplest for them to take account of each individual situation and set a category accordingly? Thanks, Leo