How is the Honey Stick Project related to Privacy?
In a nutshell, if you are collecting information about somebody who visits your website, then that information may be Personally Identifiable Information (PII). Things like credit card numbers, group affiliations, etc. may be considered PII.
One thing I was concerned with in designing the HSP was the fact that my original plan included capturing the IP addresses of people accessing the files on the Honey Sticks. This would potentially allow me to do a lookup in order to find out what company the network was registered to. It might be an ISP, but it might also be a private company.
One could argue that collecting the company name might be considered PII. In the beginning, I did not want to be collecting and handling PII. So, based on wordings found on the OECD website (www.oecd.org) the collection of IP addresses may or may not be considered PII, depending on how you were using it. In the case of using IP addresses for website maintenance and performance tuning, they would not be PII. However, if used for “profiling or targeting” it might be. So, I decided to steer clear of this issue in Stream 0.
As a result, I do not collect IP addresses for the study, even though they do show up in my logs. Logs get rolled over after a period of time.
For all practical purposes, I can not identify individuals who use the Honey Sticks. There may be situations where other logs record a user’s actions and might be able to correlate them. But I do not receive or handle these logs.
For a more detailed discussion of privacy and Honey Sticks, please click HERE to review the paper I wrote on this subject.
In future streams, I may collect PII from Honey Stick users or other individuals, but will have a formal process for handling it.