Created
August 3, 2017 19:06
Revisions
packetpilot created this gist
Aug 3, 2017
@@ -0,0 +1,59 @@ ## On Employer Requiring Employees' Full Legal Names in GitHub ### Let's open with a vignette. Imagine a company offers a parking lot to all its employees, but in order for employees to use this parking lot, they must affix a large vinyl graphic with their full legal name on the rear window of the car, on the sides of the car, and on the hood of the car. Anyone somewhat close to the car can easily see the name of the car's owner from practically any angle. So too can traffic monitoring cameras, toll booth cameras, security cameras in commercial parking lots, etc. Now, imagine that cars, while in this lot, are in superposition on every road in front of every camera, and thus literally visible from anywhere, by any person and any robot at any time, so long as they glance in a specific direction. _Because internet._ Lastly, imagine that the use of the parking lot is (somehow) mandatory for all engineers at this company. Would you take a job as an engineer? ### The questions at hand Personally-identifiable information (PII) is everywhere, and the handling of PII by various entities is the aim of many state and federal statutes. While California's likely tend to be more protective of PII than the rest of the US, there are many countries that make even California's protections seem lax (the [GDPR](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) comes to mind). Nearly a month ago, an email alerted me with an "Action Required" subject, informing me (and seventeen other Company employees) that I should update my GitHub profile to include my "HR First and Last Name". It is important to note here that the name on any GitHub profile is inherently public, visible to all internet-connected people, and all internet-connected robots (think crawlers/scrapers/mining software). As an Operations Engineer at The Company, GitHub is essential to carrying out the functions of my role. I'd estimate that 90% of my work relies on its use. 
It is therefore my belief that use of GitHub is a requirement for employment as an Operations Engineer (and likely any engineer) within The Company. __As such, my questions are these:__ - Does The Company's definition of PII align with NIST's, either completely, or at least with regard to an uncommon name's inclusion in PII? - Does The Company General Counsel view this "required action" correspondence as a request for consent to voluntarily disclose PII, or a mandate to disclose PII? - If this is a mandate, is it one that The Company can confirm is in accordance with: - US federal employee privacy statutes? - OR employee privacy statutes? - CA employee privacy statutes? - the statutes of other jurisdictions in which GitHub-using The Company engineers reside?
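Review bot: The list under the third question contains "OR employee privacy statutes?", which is ambiguous next to "US federal" and "CA": it can be read as the conjunction "or" or as the abbreviation for Oregon, so spell the jurisdictions out in full. In "The questions at hand", the phrase "While California's likely tend to be more protective of PII" is missing its noun (presumably "statutes"). The first question depends on NIST's definition of PII, but the text neither links nor cites it, although the GDPR is linked; adding a reference to the NIST definition would let a reader check what "an uncommon name's inclusion in PII" refers to.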