The Compliance Officer is a role in the PrivacyTools organization responsible for enforcing the written policies and standards inside the organization and, if needed, taking action when a violation of the aforementioned policies or standards occurs.
Responsibilities
The Compliance Officer is responsible primarily for code of conduct and conflict of interest policy violations. When a violation of these policies is reported, the Compliance Officer is responsible for investigating the report, collecting evidence, talking to the people involved, and taking any further measures required to properly understand the situation. They are also responsible for officially responding to the reports, and ensuring actions are taken if deemed necessary.
Rights and Powers
The Compliance Officer position has a number of rights, including the right to deal out punishments to team or community members. An example of such a punishment could be the suspension of a community member on one or more community platforms, kicking or shadow-banning members, or stripping a team member of one or more of their voting powers.
The Compliance Officer may also move to remove a team member from their official position on the PrivacyTools team on a temporary or permanent basis, if they deem it necessary following a major policy breach. The Compliance Officer must show significant evidence of the wrongdoing of any such team member, and the motion must be approved by two other team members before judgement is finalized.
Types of Compliance Officers
There are two types of compliance officers in the PrivacyTools organization. The Internal Compliance Officer is the person who will normally deal with all situations, and carries out all the day-to-day duties of the Compliance Officer position. To become an Internal Compliance Officer, the person must have been a PrivacyTools Member for a period of one year, and be voted into the position by the voting membership.
If it is suspected that the Internal Compliance Officer's judgement can no longer be trusted, or if the Internal Compliance Officer has a personal conflict with the matter being investigated, the situation must be reported to the External Compliance Officer. Reports should only be made to this entity as a form of last resort. The External Compliance Officer has all the same rights as the Internal Compliance Officer, but they may only come into action when prompted by a PrivacyTools Core Team Member.
Current Officers
Internal Compliance Officer: Niek de Wilde (2020 Mar 9 - 2021 Mar 8)
Public key fingerprint:
External Compliance Officer: Benjamin from the InfoSec Handbook.
Public key fingerprint: 2AEC691815B8BFD8B5CC845147F66C98AEFD741D (valid until 2021-3-13)
Election
The Internal and External Compliance Officers will be elected by the PrivacyTools Membership by vote. The election is valid for one year, after which they are immediately eligible for re-election, or may be challenged by another candidate. There is no term limit for either position.
The Internal Compliance Officer must currently be a PrivacyTools Core Team Member, or have been a PrivacyTools Member for at least 1 year. The External Compliance Officer must be a responsible and trusted individual or organization who should be active in the community, should not be a PrivacyTools Member (this is discouraged, but may be an impossible criterion as the membership grows), and must not be a PrivacyTools Core Team Member, nor have a personal or financial relationship with a Core Team member. Neither position may be held by a person or organization that has any relation to a recommended tool or service on privacytools.io. The PrivacyTools Core Team holds the right to veto the election of an Internal or External Compliance Officer as their privileges allow; however, a veto of a membership vote is never taken lightly.
Motion of Distrust
If any Member doubts the capacity of the current Compliance Officer to make proper, unbiased, and independent judgements, they are able to call a motion of distrust. The PrivacyTools Membership will be asked to vote whether they still trust the current compliance officer(s) or not. It is up to the opposing party to provide valid arguments or evidence to the rest of the community. If a Compliance Officer is stripped of their role as a result of this election, a new election will immediately begin.