Two weeks ago the ORCID team woke up to one of our nightmares. We were displaying information on public record pages that our users had marked as “private.” This information was NOT supposed to be visible to the public. We fixed the issue (caused by a small code error with a regrettably large impact), alerted and apologized to the affected people (around 2.5% of registrants), posted information about it on our blog and social channels, and answered email - lots and lots of email. Of the nearly 800 notes we got back, a large percentage of them surprised us. Instead of scathing criticism for not catching this error before it rolled into production (though, we did get our share of these emails too), a majority of the replies were from people thanking us for being forthcoming about our error, and expressing relief that the most sensitive information that could potentially be exposed in an ORCID record is the user’s email address. Many people even pointed out that these addresses are already public on other websites. Feedback on social channels followed the same pattern.
While we were thankful not to have thousands of understandably irate ORCID iD holders, we are extremely disappointed in ourselves that the incident occurred in the first place. We had already planned for significant work in 2016 to formalize security plans and policies and increase our capacity for scalability and reliability, as well as to devote time to understanding what it means to trust an organization like ORCID and a system like the ORCID registry. The incident has sped up the process, and caused us to prioritize our work on these topics.
Today we outline a program that we are calling ORCID Trust, and are opening an invitation to data security and privacy experts to help us vet the program before we formally roll it out in the coming weeks.
ORCID was founded on 10 principles that guide our work. These principles highlight ORCID’s values, which include commitments to privacy, researcher control, transparent governance, and data availability.
User control over registration, what is connected to their iD, and who can access their information are core tenets of ORCID’s offerings. In addition, ORCID understands that reliability, availability, and integrity of our systems and services are essential for the organizations and individuals who trust and rely on ORCID iDs and their association with other information.
Trust starts with transparency. In this program we will be providing information about our privacy and data security practices and policies, and real-time information on system performance and security. We also will provide details about how we maintain transparency, and our commitment to providing a long-lived, persistent identifier. The ORCID Trust program will contain five main components:
SECURITY - Practices and policies around how ORCID keeps your data secure, and your role in this security. This component will contain details about how we secure our data centers, transmissions, and sessions; and how we protect the network that provides access to the ORCID Registry. It will include our disaster recovery, backup, and testing processes, and how we manage scalability and monitor security.
PRIVACY - The ORCID registry was developed with researcher privacy at its core. In this component we will focus on access control to your information. It will include our privacy practices, our principles and approaches to researcher control of data, and descriptions of the type of information that ORCID holds.
COMPLIANCE - This component will include the policies and practices that ORCID uses to ensure that we hold ourselves to the high standards in privacy and data security that our users expect. It will cover how we communicate with users about updates and data requests, how we handle disputes, and will describe our third-party audits. This component also will encompass our internal policies and practices, and the people and technology controls that we put in place to ensure that our policies are followed.
ORCID PERSISTENCE - This component will include how we are ensuring that the ORCID identifier, data, and organization are long-lived, including governance and succession planning. It will contain our sustainability approaches and practices, both for the organization and the ORCID iD, and how we will resume business if something goes wrong.
STATUS - This section will provide uptime reports, details about current incidents, if applicable, and updates about any upcoming planned maintenance.
Next step: seeking experts for participation
As we finalize the ORCID Trust program materials and related internal policies and practices that support it, we are seeking input from data security, privacy, and trust experts from around the world who are willing to review our work, and help make it stronger. If you are an expert in one of these areas and can devote time over the next three weeks to read and comment on the program, please express your interest by contacting firstname.lastname@example.org.