Trusted Computing CoE™ Privacy Policy
Privacy Policy
IntroductionThe mission of the Trusted Computing Center of Excellence™ (CoE) is to lower barriers to adoption and facilitate the principled development and deployment of trustworthy systems. Addressing the needs of the U.S. DoD and DoD contractor community will be a focus for the CoE. This Privacy Policy governs the use of data collected in conjunction with events (co)hosted by the CoE or data required for the operations of the CoE. It is the intent of the CoE to collect a minimal set of data for these purposes and to retain it only as long as needed or as required by law. This Privacy Policy also describes how you may choose to provide data and how you can later access and update this data as needed. We will ask your consent before using your data for purposes other than those outlined in this Privacy Policy. For details on the privacy policy and the use of cookies by our Internet Service Provider related to this website, please see www.trustedcomputingcoe.org/privacy-and-cookies-policy.
What Information We CollectWe collect personal information from CoE event attendees and from CoE members only with your explicit and unambiguous consent. We will not collect your personal information without your consent. For event attendees, this information includes name, email address, title, organization, organization URL, organization affiliation (e.g. FFRDC, government, industry, etc.), and a history of CoE events attended. Some of these events may collect social media linkages for attendees and any online discussion board participation related to the event. The discussion board participation may be posted to the CoE website along with the presentation to which it refers. Presenters at CoE events will be asked to provide a copy of their presentation for hosting on the CoE website, and may decline the request. Presenters will also have the option of signing release forms for video information intended for reuse on the CoE website. For CoE member registration and participation, this information includes name, phone number, facsimile number, email address, mailing address, authentication information, title, organization, organization URL, organization affiliation (e.g. FFRDC, government, industry, etc.), content contributed, distribution restrictions for content, usage instructions for content, membership class, CoE positions held (board member, technical steering committee member, etc.), and membership payment status. Payment for membership will be accomplished by invoicing the member/organization or through online payment. Online payment will be handled by a third party (e.g. PayPal). In either case, the CoE will not retain member financial account information. We will also require proof of US citizenship or USPERS status for those members desiring access to the restricted access repository. We will not record or archive personal information from proof of citizenship or USPERS status. For example, if a member provided a US passport for proof, we will retain a record of when and how we verified citizenship/status, but not the data from the actual passport.
How We Use Your InformationWe will use event attendee information to communicate with you about upcoming meetings, conferences, summits, or other events pertaining to the purview of the CoE. This may include event details such as content, logistics, payment, presenter requirements, presenter deadlines, presenter release information, and other information related to the event. We may share this information with event planning organizations for this purpose. As an event attendee, you will have the ability to ‘opt out’ of receiving this information if you so choose. This information will be used by the CoE for the purposes outlined here and will not be sold to third party organizations nor will it be used for direct marketing by CoE members. We will use CoE member registration information to facilitate collaboration among members. Members will be able to view other member names, organizations, organization URLs, contributed content (subject to the distribution limitations of that content) and board positions held. Other information will remain private unless otherwise shared by the information owner. To the greatest extent possible, email addresses of members will be kept private. We will also use organizational information and URLs of member institutions on the CoE website for promotional purposes. The CoE will NOT post the email addresses, or any contact information for individuals who represent member organizations, to the website unless the member requests that we share that information on the site.
Controlling, Updating, and Deleting Your InformationThe CoE will provide the ability to update your membership information, change your ‘opt out’ status, and/or update other membership account details at any time. We will also delete information that you have provided to us: (a) upon your request or (b) upon termination of your membership. However, CoE will retain a copy of your information if required for legal reasons.
Protecting Your InformationThe CoE will implement data security policies and procedures where prescribed by law (see below) and otherwise use appropriate security measures to protect against the loss, misuse and alteration of data. These precautions will consider the risks involved in handling such sensitive information and current industry best practices will be employed for security and information protection. We will inform you as soon as possible if data breaches occur. Data breaches include unauthorized data acquisition and unauthorized data access. California Privacy RightsCalifornia Consumer Privacy Act (CCPA) law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. The CoE will not disclose this information to third parties for direct marketing purposes. For more information on CCPA, see: https://oag.ca.gov/privacy/ccpa New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act The New York SHIELD Act amends the existing data breach notification law and imposes more data security requirements on companies who collect information on New York residents, regardless of where the companies reside. The Act expands the definition “private information” to include account numbers, biometric information, credit/debit card numbers (even without a security code), access codes, usernames, email addresses, passwords, and security questions and answers. For more information on NY’s SHIELD law, see: https://www.nysenate.gov/legislation/bills/2019/s5575 European Union Privacy RightsUnder the General Data Protection Regulation (also known as GDPR), if you are an individual protected by the GDPR you may have certain rights as a data subject. To request information about or avail yourself of those rights, please send an email to mail@trustedcomputingcoe.org with "GDPR Request" in the subject line. In the email please describe, with specificity, the GDPR right you are requesting assistance with. We will respond to you within 30 days. For more information on GDOR, see: https://gdpr-info.eu/ Children's PrivacyThe CoE is not intended for children under the age of 16. We do not knowingly collect or solicit personal information from anyone under the age of sixteen (16), or knowingly allow such persons to register. The CoE does not collect age-identifying information and we do not knowingly collect personally information from children under the age of 16. If you believe that we might have any information from or about a child under 16, please contact us so that we can immediately delete the information. For more information on Children's Online Privacy Protection Rule ("COPPA"), see: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
Privacy Policy UpdatesUpdates to this Privacy Policy are solely at the discretion of the CoE and may be accomplished without prior notification. Should this Privacy Policy change, the CoE will attempt to notify you via the email address on file. All Privacy Policy changes will be reflected on this page with the prior version of the policy available for comparison.
What Information We CollectWe collect personal information from CoE event attendees and from CoE members only with your explicit and unambiguous consent. We will not collect your personal information without your consent. For event attendees, this information includes name, email address, title, organization, organization URL, organization affiliation (e.g. FFRDC, government, industry, etc.), and a history of CoE events attended. Some of these events may collect social media linkages for attendees and any online discussion board participation related to the event. The discussion board participation may be posted to the CoE website along with the presentation to which it refers. Presenters at CoE events will be asked to provide a copy of their presentation for hosting on the CoE website, and may decline the request. Presenters will also have the option of signing release forms for video information intended for reuse on the CoE website. For CoE member registration and participation, this information includes name, phone number, facsimile number, email address, mailing address, authentication information, title, organization, organization URL, organization affiliation (e.g. FFRDC, government, industry, etc.), content contributed, distribution restrictions for content, usage instructions for content, membership class, CoE positions held (board member, technical steering committee member, etc.), and membership payment status. Payment for membership will be accomplished by invoicing the member/organization or through online payment. Online payment will be handled by a third party (e.g. PayPal). In either case, the CoE will not retain member financial account information. We will also require proof of US citizenship or USPERS status for those members desiring access to the restricted access repository. We will not record or archive personal information from proof of citizenship or USPERS status. For example, if a member provided a US passport for proof, we will retain a record of when and how we verified citizenship/status, but not the data from the actual passport.
How We Use Your InformationWe will use event attendee information to communicate with you about upcoming meetings, conferences, summits, or other events pertaining to the purview of the CoE. This may include event details such as content, logistics, payment, presenter requirements, presenter deadlines, presenter release information, and other information related to the event. We may share this information with event planning organizations for this purpose. As an event attendee, you will have the ability to ‘opt out’ of receiving this information if you so choose. This information will be used by the CoE for the purposes outlined here and will not be sold to third party organizations nor will it be used for direct marketing by CoE members. We will use CoE member registration information to facilitate collaboration among members. Members will be able to view other member names, organizations, organization URLs, contributed content (subject to the distribution limitations of that content) and board positions held. Other information will remain private unless otherwise shared by the information owner. To the greatest extent possible, email addresses of members will be kept private. We will also use organizational information and URLs of member institutions on the CoE website for promotional purposes. The CoE will NOT post the email addresses, or any contact information for individuals who represent member organizations, to the website unless the member requests that we share that information on the site.
Controlling, Updating, and Deleting Your InformationThe CoE will provide the ability to update your membership information, change your ‘opt out’ status, and/or update other membership account details at any time. We will also delete information that you have provided to us: (a) upon your request or (b) upon termination of your membership. However, CoE will retain a copy of your information if required for legal reasons.
Protecting Your InformationThe CoE will implement data security policies and procedures where prescribed by law (see below) and otherwise use appropriate security measures to protect against the loss, misuse and alteration of data. These precautions will consider the risks involved in handling such sensitive information and current industry best practices will be employed for security and information protection. We will inform you as soon as possible if data breaches occur. Data breaches include unauthorized data acquisition and unauthorized data access. California Privacy RightsCalifornia Consumer Privacy Act (CCPA) law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. The CoE will not disclose this information to third parties for direct marketing purposes. For more information on CCPA, see: https://oag.ca.gov/privacy/ccpa New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act The New York SHIELD Act amends the existing data breach notification law and imposes more data security requirements on companies who collect information on New York residents, regardless of where the companies reside. The Act expands the definition “private information” to include account numbers, biometric information, credit/debit card numbers (even without a security code), access codes, usernames, email addresses, passwords, and security questions and answers. For more information on NY’s SHIELD law, see: https://www.nysenate.gov/legislation/bills/2019/s5575 European Union Privacy RightsUnder the General Data Protection Regulation (also known as GDPR), if you are an individual protected by the GDPR you may have certain rights as a data subject. To request information about or avail yourself of those rights, please send an email to mail@trustedcomputingcoe.org with "GDPR Request" in the subject line. In the email please describe, with specificity, the GDPR right you are requesting assistance with. We will respond to you within 30 days. For more information on GDOR, see: https://gdpr-info.eu/ Children's PrivacyThe CoE is not intended for children under the age of 16. We do not knowingly collect or solicit personal information from anyone under the age of sixteen (16), or knowingly allow such persons to register. The CoE does not collect age-identifying information and we do not knowingly collect personally information from children under the age of 16. If you believe that we might have any information from or about a child under 16, please contact us so that we can immediately delete the information. For more information on Children's Online Privacy Protection Rule ("COPPA"), see: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
Privacy Policy UpdatesUpdates to this Privacy Policy are solely at the discretion of the CoE and may be accomplished without prior notification. Should this Privacy Policy change, the CoE will attempt to notify you via the email address on file. All Privacy Policy changes will be reflected on this page with the prior version of the policy available for comparison.