Privacy Policy for Robert Gellman
Privacy and Information Policy Consultant
and for <>

Version 1.11
June 2, 2006

As a practitioner of Fair Information Practices as a basis for implementing privacy policies, I practice what I preach. This policy establishes Fair Information Practices for personal information collected or maintained in connection with this website or otherwise as part of my business activities. This policy does not cover personal data obtained in my personal capacity. Nevertheless, I expect to process information obtained from friends, acquaintances or others with discretion and in appropriate ways that will be similar to the policies set forth here.


This policy describes the processing of personal data obtained through this website and in connection with my business activities. It is unusual for me to maintain personal information in connection with my business activities but it can happen.

This policy may change from time to time in response to new laws, changes in the hosting company, changes in the hosting company’s independent policies or practices, changes in my business, or otherwise. While I reserve the right to make any changes to this policy, I do not anticipate making major adjustments in the general approach outlined here. When possible, I will post changes that I plan to make to this policy on my website before they take effect. If any client or prospective client would be adversely affected by a voluntary change, I will normally try to discuss the change with the client first.

Collection Limitation

This website does not routinely collect any information from visitors. If I obtain any personal information about visitors, I normally delete it promptly after receipt without review and without any attempt to identify visitors. Visitors may choose to provide personal information to me through email. However, this website does not maintain a hot email link (to limit the collection of my email address by spammers). A visitor who uses independent email facilities to provide information to me determines what information to provide and faces the possibility that I will keep that data.

The hosting company ( may maintain web logs or otherwise collect information about website visitors, including personally identifiable information. Those who are interested in the hosting company’s policies and practices can visit the website at <>. The information about website visitors maintained by the hosting company is accessible to me. In any event, I have no intention of routinely seeking or using that information. However, in the event that I find evidence of hacking, harassment, or illegal activity on the website, I reserve the right to collect or maintain any relevant information about visitors available from the hosting company or elsewhere.

Data Quality

Since I usually collect no personal data through the website, the standards of relevance, accuracy, necessity, completeness, and currency do not meaningfully apply. However, anyone who provides personal data may ask me to correct, update, or delete it. I will comply with reasonable requests. I may retain any data as originally provided if I conclude that I may need the data for legal or tax purposes. I retain general business data without a fixed disposal schedule, but I may discard data at any time if I determine that the need no longer exists or if technical limitations require that some data be purged.

Purpose Specification

When any individual provides me with personal information in connection with my business activities, that information may be used or disclosed for reasonable business purposes. However, personal information provided by clients or prospective clients will ordinarily not be disclosed in identifiable form without the consent or knowledge of the client or prospective client. I may use or disclose other client provided information in a manner consistent with client instructions and legal requirements. I normally treat business information obtained from clients as confidential unless otherwise agreed or unless the information is otherwise public.

I may disclose data when required by law, in response to a subpoena, or if served with a search warrant. If appropriate, feasible, and lawful, I will make reasonable attempts (via telephone or email) to tell the data provider and/or data subject about any of these disclosures, either before or after they occur. In addition, I may voluntarily disclose data about website activities to law enforcement, to the website hosting company, or to security providers or other investigators in connection with the operation of this website.

Use Limitation

I may use personal data provided in connection with my consulting practice for business purposes. Ordinarily, that means providing services to a client or discussing the provision of services with a prospective client. If I plan to allow associates or colleagues to use client data, I will normally seek the written or oral consent of the data provider.

Security Safeguards

I normally keep personal data I obtain in my home office, where the data is not routinely accessible to anyone but myself. My home office is in a house that has normal security for a residence. An Internet firewall protects data against improper access via the Internet. I maintain some backup files in a safe deposit vault at a bank.  I also use commercially available virus software.

If appropriate, I may protect personal information on my computer using standard commercially available, low-level encryption. However, the need for encryption is rare. The hosting company provides security for the website Those who are interested in the hosting company’s policies and practices can visit the website at <>.

Individual Participation

Any individual who is the subject of personal information that I maintain may ask: 1) if I maintain any information about him or her; 2) to see the information that I maintain; 3) to correct, update, or delete the information. I will consider and grant reasonable requests without charge. If I deny a request, I will state a reason. If I refuse to correct, update, or delete information, the data subject may submit a concise statement of disagreement that I will retain and disseminate to others in the event that I share the disputed information.


I am responsible for the content of this policy and for complying with its requirements. Complaints or questions may be directed to:

Robert Gellman
Privacy and Information Policy Consultant
419 Fifth Street SE
Washington, DC

My email address appears on the home page .

Policy History  

Version 1.11 fixed a few typos.  (June 2006)
Version 1.1 was the first publicly posted version. (May 2006)
Version 1.0 was a draft policy document never posted on the website

Back to home