Jump to content

You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

Need to find something? Use the Google search below.

VATSIM Virtual Airlines - Policy Changes


Antonio Dujmovic
 Share

Recommended Posts

Antonio Dujmovic
Posted
Posted

Dear VA Partners/Associates,

Due to recent changes in our VA department, we will be resetting 
all audit due dates, and per section 3.2.1.1.3 of VA Partners Policy, we will be changing the audit frequency from once every 365 days to once every 90 days. We ask all Partners/Associates to verify they still meet their VA Status requirements, so that we may properly audit every Partner/Associate VA without any issues.

You can find our Partner and Associate policies here:

VA Partners Policy
VA Associates Policy


If your VA meets all the requirements for your current status, there is no further action required.
In the case that your VA does not meet minimum requirements, you will be notified about the issue, and the VA will be suspended for a period of 11 days. If you do not manage to meet the minimum requirements while under the suspension period, your VA will be placed into our Associate program, about which you can find out more on the policy link above.

We also encourage and welcome any VA Staff Member to join our VA Discord.

If you have any questions or concerns, please let me know.

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

George Peppard
Posted
Posted (edited)

Whilst I do not own a VA myself, I am a member of several partnered VAs and represent a platform that hosts around a hundred VAs, many of which are either current VATSIM partners or are looking to become VATSIM partners in the future. Your department of all must know that running the VA and providing a quality service to its members should be at the forefront of the VA management's mind.

The VA audit process, whilst it may not seem like it to VA auditors, is in a lot of cases a heavily manual process, requiring VA staff to compile not only a list of pilots that are also members of VATSIM, but pilots who are members of VATSIM and have flown in the last 90 days on the network. For VAs with 100 members this is relatively simple; for VAs with 10,000 members this is a lengthy process, and so the common solution is to ask VA members if they are willing to volunteer their VATSIM IDs for delivery to the VA audit team. Once a year this is fine, four times a year this will most certainly start to annoy pilots, VA staff, or both. VATSIM does not publish a way for VAs (or their platforms) to programmatically retrieve past statistics. It is a manual process for VAs to check connections within the last 90 days; for VATSIM, it is not.

For large VAs, time moves relatively slowly. If a VA meets the partnership requirements at the start of the year, they're probably still going to meet the requirements in three months. Auditing VAs four times a year, whilst it may keep the department busy, will take up a significant amount of time on the part of VA managers having to compile statistics on network-connected members. Large VAs tend to be managed by people with careers, higher education, or both, so time spent preparing for these audits is time not spent on maintaining the VA and doing things that will make a difference to pilots.

Why has the frequency of audits been increased?

I'd also like to ask why VATSIM collects names of pilots when auditing VAs? How does VATSIM handle this data (which is personally identifiable information) properly. Do you retain the data? Who has access to the data; is it restricted to people that need it, or can the whole VA relations department see it? Why can VATSIM not match IDs to names on their side? The CID is also personally identifiable information; what processes do you have in place to ensure this is processed correctly?

Thanks in advance for your response - I appreciate this is a strongly worded post but I have several people behind me who feel very strongly about this, and I want to make sure I get their points across.

Edited by George Peppard
  • Like 1
  • Thanks 3

All the best,

George Peppard
ATC Examiner (S1, S2)
VATSIM United Kingdom Division

Link to comment
Share on other sites

Jan Podlipsky
Posted
Posted (edited)
17 minutes ago, George Peppard said:

Whilst I do not own a VA myself, I am a member of several partnered VAs and represent a platform that hosts around a hundred VAs, many of which are either current VATSIM partners or are looking to become VATSIM partners in the future. Your department of all must know that running the VA and providing a quality service to its members should be at the forefront of the VA management's mind.

The VA audit process, whilst it may not seem like it to VA auditors, is in a lot of cases a heavily manual process, requiring VA staff to compile not only a list of pilots that are also members of VATSIM, but pilots who are members of VATSIM and have flown in the last 90 days on the network. For VAs with 100 members this is relatively simple; for VAs with 10,000 members this is a lengthy process, and so the common solution is to ask VA members if they are willing to volunteer their VATSIM IDs for delivery to the VA audit team. Once a year this is fine, four times a year this will most certainly start to annoy pilots, VA staff, or both. VATSIM does not publish a way for VAs (or their platforms) to programmatically retrieve past statistics. It is a manual process for VAs to check connections within the last 90 days; for VATSIM, it is not.

For large VAs, time moves relatively slowly. If a VA meets the partnership requirements at the start of the year, they're probably still going to meet the requirements in three months. Auditing VAs four times a year, whilst it may keep the department busy, will take up a significant amount of time on the part of VA managers having to compile statistics on network-connected members. Large VAs tend to be managed by people with careers, higher education, or both, so time spent preparing for these audits is time not spent on maintaining the VA and doing things that will make a difference to pilots.

Why has the frequency of audits been increased?

I'd also like to ask why VATSIM collects names of pilots when auditing VAs? How does VATSIM handle this data (which is personally identifiable information) properly. Do you retain the data? Who has access to the data; is it restricted to people that need it, or can the whole VA relations department see it? Why can VATSIM not match IDs to names on their side? The CID is also personally identifiable information; what processes do you have in place to ensure this is processed correctly?

Thanks in advance for your response - I appreciate this is a strongly worded post but I have several people behind me who feel very strongly about this, and I want to make sure I get their points across.

+1 - Since our VA is using an externally administered system as a "customer", having to do this every 90 days will be a major headache for us. Especially since we are not the owners of said data, so we have to resort to contacting individual pilots which then pose as volunteers into the list we are giving to VATSIM. And as the system in question is the most popular one, I expect many VAs to have this issue.

Edited by Jan Podlipsky
  • Thanks 2
Link to comment
Share on other sites

Matthew Beddow
Posted
Posted (edited)

Hello Antonio and welcome to the VA audit department. 
It is nice to see members with such little experience being given these opportunities.

While I echo the comments above about your changes being manifestly excessive, I have a few further points to add.
I have read you VA Partner policy, and nowhere in the policy (and especially not the section you have referenced) does it give you the right to change the audit frequency, nor does the policy give you the right to "reset" the audit status of airlines who are already compliant with the policy.

A change in membership of your own department should also not necessitate the resetting of the audit clocks, as surely this data is held within the department and past audit information is available to the new members? Or have you been playing fast a loose with with this data and not keeping your own audits of who has access to data and where it is kept?


You have asked that VA's verify they meet the requirements of the policy to remain as a partner VA, yet you provide zero tools that allow VA's to effectively manage this process. As this data is held by Vatsim, surely it is YOUR responsibility to audit your own data and verify if a VA conforms to the policy? For example, a VA only needs to provide their website address held in the remarks section, and you can process the list of active pilots yourselves?

You also state that, if a VA verifies their status, then no further action is required. It doesn't specify who I verify this with, or who has to be informed. It is therefore reasonable to assume that a VA can verify themselves and take no further action, with the expectation that you will be contacting VA's who you don't think qualify, providing evidence as to why their status is being put on hold?

 

 

The way I see the VA partnership is it's a two way street, you need the VAs on your network to survive, just as much as the VAs need vatsim to make flying enjoyable. Surely you should be working with VAs on how to make the relationships better, not do everything you can to upset and alienate the VAs and the platforms they operate on?

Edited by Matthew Beddow
  • Like 2
Link to comment
Share on other sites

Lukas Jankauskas
Posted
Posted (edited)

In echo all of the above - the VATSIM VA auditing process has always been burdensome, intrusive and against GDPR.

Instead of developing tools to make the process easier - you just made this even more burdensome. Is the goal of the policy to root out inactive VAs? If so, I applaud you - the list is woefully full of poor and inactive VAs. However, what you're doing is alienating a ton of other VAs who will find this overreach burdensome. What does VA get from being a VATSIM Partner? A mention in a long list of VAs - my google search of 'Virtual Airlines' does not feature VATSIM VA list in the first page and I believe that increased auditing will result in people just dropping out from your list as it's just not worth the hassle.

It's 2022 for crying out loud - some reasonable technology could be put in place where either this becomes lot less cumbersome with pilots following a VATSIM link to 'join up' a VA for your records or some common sense - what are the odds that the giants of VA world like BAW or vRYR or vEZY and many many others with pilot rosters of 1000+ pilots will fall out of 20 pilot requirement?

Edited by Lukas Jankauskas
  • Like 1
Link to comment
Share on other sites

Matthew Beddow
Posted
Posted (edited)
21 minutes ago, Lukas Jankauskas said:

my google search of 'Virtual Airlines' does not feature VATSIM VA list in the first page

I think you would struggle to find the list if you even looked for it these days. Since the website redesign I've not been able to find it.

 

Ever a search for "vatsim va partners list" doesn't return the list...

Edited by Matthew Beddow
  • Haha 1
Link to comment
Share on other sites

Michael Gold
Posted
Posted

+1 to George's comments.

Will VATSIM be auditing my partner VA (vspirit) using the statistics they have internally available, or do I have to turn over a report every 90 days with this information? It seems like the latter would be the case, but the communication also says "If your VA meets all the requirements for your current status, there is no further action required." so the signals are mixed.

  • Like 2
Link to comment
Share on other sites

Antonio Dujmovic
Posted
Posted (edited)

 

1 hour ago, George Peppard said:

Whilst I do not own a VA myself, I am a member of several partnered VAs and represent a platform that hosts around a hundred VAs, many of which are either current VATSIM partners or are looking to become VATSIM partners in the future. Your department of all must know that running the VA and providing a quality service to its members should be at the forefront of the VA management's mind.

The VA audit process, whilst it may not seem like it to VA auditors, is in a lot of cases a heavily manual process, requiring VA staff to compile not only a list of pilots that are also members of VATSIM, but pilots who are members of VATSIM and have flown in the last 90 days on the network. For VAs with 100 members this is relatively simple; for VAs with 10,000 members this is a lengthy process, and so the common solution is to ask VA members if they are willing to volunteer their VATSIM IDs for delivery to the VA audit team. Once a year this is fine, four times a year this will most certainly start to annoy pilots, VA staff, or both. VATSIM does not publish a way for VAs (or their platforms) to programmatically retrieve past statistics. It is a manual process for VAs to check connections within the last 90 days; for VATSIM, it is not.

For large VAs, time moves relatively slowly. If a VA meets the partnership requirements at the start of the year, they're probably still going to meet the requirements in three months. Auditing VAs four times a year, whilst it may keep the department busy, will take up a significant amount of time on the part of VA managers having to compile statistics on network-connected members. Large VAs tend to be managed by people with careers, higher education, or both, so time spent preparing for these audits is time not spent on maintaining the VA and doing things that will make a difference to pilots.

Why has the frequency of audits been increased?

I'd also like to ask why VATSIM collects names of pilots when auditing VAs? How does VATSIM handle this data (which is personally identifiable information) properly. Do you retain the data? Who has access to the data; is it restricted to people that need it, or can the whole VA relations department see it? Why can VATSIM not match IDs to names on their side? The CID is also personally identifiable information; what processes do you have in place to ensure this is processed correctly?

Thanks in advance for your response - I appreciate this is a strongly worded post but I have several people behind me who feel very strongly about this, and I want to make sure I get their points across.


Hi, George. I appreciate the response, and I will do my best to answer properly. Do apologize if I make a mistake here and there or miss something. This is a rather large message.


Most airlines use systems that can automatically make a list of their pilots, or even make a public web roster like most airlines we've audited in the past few days or so have. If a VA has 10,000 members, then I'm pretty sure they have slightly advanced systems that can automatically print out a list of all their members on the roster. When the pilots give their CID to the airline, the airline holds responsibility of what happens with that CID on their end. Although, I will admit, we should have taken better care of these types of situation, and I will do my best to address it together with our VP. We can not know whether the airline has permission from the pilots to use it for the audit process, but it is something we require so we can check on our end that the airline meets the requirements. This shouldn't require any action from the pilot, except agreeing to the airline's terms, which should include the portion of what happens with their VATSIM CID. How that CID is handled, is the airline's responsibility and we can not take any for what happens with the CID unless there was a breach on our side. We simply ask for airlines to provide us with CIDs, so we can verify them on the network.

The frequency of audits has been increased because anything can happen within a month, or two, or 4 months, and we have found a lot of cases where an airline stops operating within their first few months of becoming a partner, and they just stay listed on the VA Partners list until the next audit, which takes attention from some other airline who is still operating, crowds up the already long list which is due a rework, and because we wish to have more frequent statistics of airlines. 

Another thing regarding long-time, big VAs is that we were in the process of working on a new status named Heritage VAs, which would be audited once a year, and would be offered to airlines with 100+ members that have been operating for minimum 3 years. (Subject to change)

As to why VATSIM collects names of pilots when auditing VAs, we do not ask for that. We ask for CIDs, which are linked to their names because of how VATSIM operates. That is out of our control and unfortunately, the VA Department can not do anything about it.
Access to that data has 7 Audit Managers, myself, and our VP. (EDIT: 1525z, Aug 10, 2022)

I'd like to add a note that while I myself don't agree with some of the stuff how we do, I can not change it instantly, as I became this department's director only 2 weeks ago, and I'm still working on a lot of stuff. Please bear with us a little bit while we sort out the department.

 

 

1 hour ago, Matthew Beddow said:

Hello Antonio and welcome to the VA audit department. 
It is nice to see members with such little experience being given these opportunities.

While I echo the comments above about your changes being manifestly excessive, I have a few further points to add.
I have read you VA Partner policy, and nowhere in the policy (and especially not the section you have referenced) does it give you the right to change the audit frequency, nor does the policy give you the right to "reset" the audit status of airlines who are already compliant with the policy.

A change in membership of your own department should also not necessitate the resetting of the audit clocks, as surely this data is held within the department and past audit information is available to the new members? Or have you been playing fast a loose with with this data and not keeping your own audits of who has access to data and where it is kept?


You have asked that VA's verify they meet the requirements of the policy to remain as a partner VA, yet you provide zero tools that allow VA's to effectively manage this process. As this data is held by Vatsim, surely it is YOUR responsibility to audit your own data and verify if a VA conforms to the policy? For example, a VA only needs to provide their website address held in the remarks section, and you can process the list of active pilots yourselves?

You also state that, if a VA verifies their status, then no further action is required. It doesn't specify who I verify this with, or who has to be informed. It is therefore reasonable to assume that a VA can verify themselves and take no further action, with the expectation that you will be contacting VA's who you don't think qualify, providing evidence as to why their status is being put on hold?

 

Hi, Matthew. Thanks for your reply!

The previous director has unfortunately left the department in shambles, which includes major data loss such as us losing 80% of the information that includes;

When an airline has been partnered/associated.
Who did the last audit.
Who accepted the airline.
When the last audit was.
Audit documentation from previous years.

The reason for restarting all audits is so we could start fresh and while that doesn't solve every single problem (like the one when VAs became partnered), it does help immensely and is one step to returning the department into a operating state.

The only tool we can really provide to VAs is our policy, which states what they need to meet in order to retain the status. It is the VAs responsibility to make sure they meet the requirement, and is ours to verify that they do. If they do, everything goes on smoothly, if they don't, we would usually contact the VA asking for information if we're missing something, or if they don't meet the requirements their status would be under hold for 11 days so they can attempt to get their numbers back up, and if they don't, they'd be placed back into our Associate program and notified as to why.

We're unable to figure out who flies for a specific VA if we don't have a list of CIDs. A simple network search on stats.vatsim.net for a callsign is not enough, because anybody on VATSIM can fly under any VA callsign, even if they are not a VA member.

By verification, we ask that VAs make sure/verify that they meet the requirements. Maybe this wasn't communicated properly, and if so, I apologize! 

 

1 hour ago, Lukas Jankauskas said:

In echo all of the above - the VATSIM VA auditing process has always been burdensome, intrusive and against GDPR.

Instead of developing tools to make the process easier - you just made this even more burdensome. Is the goal of the policy to root out inactive VAs? If so, I applaud you - the list is woefully full of poor and inactive VAs. However, what you're doing is alienating a ton of other VAs who will find this overreach burdensome. What does VA get from being a VATSIM Partner? A mention in a long list of VAs - my google search of 'Virtual Airlines' does not feature VATSIM VA list in the first page and I believe that increased auditing will result in people just dropping out from your list as it's just not worth the hassle.

It's 2022 for crying out loud - some reasonable technology could be put in place where either this becomes lot less cumbersome with pilots following a VATSIM link to 'join up' a VA for your records or some common sense - what are the odds that the giants of VA world like BAW or vRYR or vEZY and many many others with pilot rosters of 1000+ pilots will fall out of 20 pilot requirement?


Hello, Lukas! Thanks for your reply!

Unfortunately, developing such tools falls out of our area, as that would be something you should request from the Tech Team. The goal of the new policy is to, as previously mentioned, to ensure airlines actively meet out standards, as we have found a lot of cases where an airline stops operating within their first few months of becoming a partner, and they just stay listed on the VA Partners list until the next audit, which takes attention from some other airline who is still operating, crowds up the already long list which is due a rework, and because we wish to have more frequent statistics of airlines. 

More perks for VA Associates, Partners (and a new Heritage status), are being worked on, as I just recently got appointed, and I simply can't introduce everything at once, as it requires time, planning and coordination with our VP.
You can find the VA list on my.vatsim.net.

As previously mentioned, Heritage VAs would solve the big VA's problem, and would be introduced way long before those big airlines would have a chance to be audited for the 2nd time this year. 

 

51 minutes ago, Michael Gold said:

+1 to George's comments.

Will VATSIM be auditing my partner VA (vspirit) using the statistics they have internally available, or do I have to turn over a report every 90 days with this information? It seems like the latter would be the case, but the communication also says "If your VA meets all the requirements for your current status, there is no further action required." so the signals are mixed.


Hi, Michael. Thanks for your reply!

We do not have any internal statistics available to match up with your VA, because we do not know who flies for that VA and who doesn't. That part was miscommunicated by my end, as previously mentioned, and i seriously apologize for not taking some more time to consider that. English is not really my first language, although it is not an excuse. I assure you that these types of miscommunications will not happen again.



Once again, thank you everybody for expressing your concerns and comments. Anything else I missed, or I can answer/address, please let me know!
 

Edited by Antonio Dujmovic

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

Michael Gold
Posted
Posted (edited)
33 minutes ago, Antonio Dujmovic said:

We do not have any internal statistics available to match up with your VA, because we do not know who flies for that VA and who doesn't.

I think you have more internal statistics than you think -- could you not ask each VA to provide what text they ask their members to include in their comments, and search flight records for those comments? The platform that my VA uses for our website + ACARS tracker considers turning over a list of CIDs to be a GDPR violation as the CIDs can be used to uniquely identify an individual and thus are PII, which would require an opt-in to our sharing that with you, which was not done when our members joined. This would seem to put us at an impasse with regards to the audit.

I'd like to suggest this: assign each partner/associate VA a unique alphanumeric code, and ask the VAs in turn to tell their members to put that in their remarks. You could then search for that code to check each VAs status. I had this thought anticipating your response to my first suggestion above that you ask VAs to tell you what they've been telling their members to put as having too much possible variability.

Edited by Michael Gold
  • Like 1
Link to comment
Share on other sites

Antonio Dujmovic
Posted
Posted (edited)
11 minutes ago, Michael Gold said:

I think you have more internal statistics than you think -- could you not ask each VA to provide what text they ask their members to include in their comments, and search flight records for those comments? The platform that my VA uses for our website + ACARS tracker considers turning over a list of CIDs to be a GDPR violation as the CIDs can be used to uniquely identify an individual and thus are PII, which would require an opt-in to our sharing that with you, which was not done when our members joined. This would seem to put us at an impasse with regards to the audit.

We really don't. The only statistics we have from airlines are the ones previously provided on audits and signup. Although not much, due to reasons provided above.

In regards to the GDPR violations;
You could say the same for any application that tracks VATSIM flights, because from what I know, almost all of them pull data from VATSIM and display it in their applications, that includes the pilot's Full Name or CID. Even if they don't, you could match up a flight number + flight length with one on stats.vatsim.net.
I'm not in any position to talk about VATSIM's Data Policy, as I'm not the correct person to go to for those matters.

If the airline did not inform the pilot how their CID will be used upon their submission, that is nothing we can do about. But so far, that hasn't really been a problem. We have a set of requirements, and it is up to the airline whether they will meet them or not.

Edited by Antonio Dujmovic

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

George Peppard
Posted
Posted (edited)
44 minutes ago, Antonio Dujmovic said:

Hi, George. I appreciate the response, and I will do my best to answer properly. Do apologize if I make a mistake here and there or miss something. This is a rather large message.

Many thanks for your response. I'll reply to each paragraph in turn (and it might be a long one so please excuse the formatting - I'll try and separate bits as appropriate). As a sidenote, don't worry about English not being your first language - you do a fine job of speaking the language (better than some native speakers I know). I consider it implied by your position, but these aren't comments directed at you personally; more so at the department you now represent (which I'm more than aware you probably didn't inherit in a brilliant state).

 

44 minutes ago, Antonio Dujmovic said:

Most airlines use systems that can automatically make a list of their pilots, or even make a public web roster like most airlines we've audited in the past few days or so have. If a VA has 10,000 members, then I'm pretty sure they have slightly advanced systems that can automatically print out a list of all their members on the roster. When the pilots give their CID to the airline, the airline holds responsibility of what happens with that CID on their end. Although, I will admit, we should have taken better care of these types of situation, and I will do my best to address it together with our VP. We can not know whether the airline has permission from the pilots to use it for the audit process, but it is something we require so we can check on our end that the airline meets the requirements. This shouldn't require any action from the pilot, except agreeing to the airline's terms, which should include the portion of what happens with their VATSIM CID. How that CID is handled, is the airline's responsibility and we can not take any for what happens with the CID unless there was a breach on our side. We simply ask for airlines to provide us with CIDs, so we can verify them on the network.

The issue with publishing a roster to the internet is that for all intents and purposes the VATSIM CID, even if not attached to a name, is personally identifiable information, so the rules as to what can and cannot be done with the data are extremely strict. Sure, large VAs can automatically get a list of VATSIM CIDs for all their members, but when the VATSIM VA audit asks for only a small amount of CIDs, providing them all is excessive. Just like how it's the responsibility of VATSIM to not ask for too much information, it's the responsibility of the VA (or data controller) to not provide excessive information. If a VATSIM VA auditor asked me for a list of 20 CIDs, I would not feel comfortable handing over 10,000. The problem seems to be that these members have to be active network members that have recently flown a flight - in the absence of a way of checking flight history automatically for a CID the VA would need to manually check items on the list against VATSIM Statistics. I also have concerns over how VATSIM handles the data when VAs hand it over. Ideally, you'd use the data to perform an audit, perhaps summarise some statistics and then delete the data from your servers, as you have no reason to keep hold of it. This is the best solution for all involved - it removes the obligation on VATSIM to store (read: and protect) the data properly and gives VAs peace of mind that PII they provided won't be lying around on VATSIM servers for years.

 

44 minutes ago, Antonio Dujmovic said:

The frequency of audits has been increased because anything can happen within a month, or two, or 4 months, and we have found a lot of cases where an airline stops operating within their first few months of becoming a partner, and they just stay listed on the VA Partners list until the next audit, which takes attention from some other airline who is still operating, crowds up the already long list which is due a rework, and because we wish to have more frequent statistics of airlines. 

Another thing regarding long-time, big VAs is that we were in the process of working on a new status named Heritage VAs, which would be audited once a year, and would be offered to airlines with 100+ members that have been operating for minimum 3 years. (Subject to change)

I can understand wanting to audit smaller VAs more frequently and maintain an active list. This is key to users trusting this system to find VAs - nobody wants a list of old VAs. However, I don't think a full audit every 90 days is the best solution to this. Most members are not deliberately dishonest, and discerning whether a VA still exists at any given time simply requires a check in with the VAs contact. A simple email asking "is your VA still around, is there anything we can do to help" (or something similar) can check if a VA is still operating whilst adding minimal admin workload to both the VATSIM VA relations team and the VA staff team itself. You can then leave audits for once or twice a year depending on the VA size and how long it has been around. A heritage VA status is a great idea (although I am not sure modern, trendy VAs will like the name 😉).

 

44 minutes ago, Antonio Dujmovic said:

As to why VATSIM collects names of pilots when auditing VAs, we do not ask for that. We ask for CIDs, which are linked to their names because of how VATSIM operates. That is out of our control and unfortunately, the VA Department can not do anything about it.
Access to that data has 7 Audit Managers, myself, and our VP. (EDIT: 1525z, Aug 10, 2022)

In general, whilst CIDs are relatively low risk PII, I am of the opinion that any personal data should have access restricted on the principle of least privilege. For example, if I'm a VA audit manager, I should be able to see data relating to VAs I have decided to audit, but not data related to VAs another VA audit manager has decided to audit; the latter information is not necessary for me to do my job. As discussed above, the information should then be deleted when it's no longer needed (i.e. when the audit is done, save for maybe a small grace period in case the data needs to be looked at in the short term). In the long term, the data isn't going to be up to date anyway, so if it is needed again then the VA should be asked for an updated copy of it. This gives control of the data to the VA that collected it; it is ultimately the VA that is accountable to its membership for how the data is handled, so it will give them peace of mind to know the data isn't being kept somewhere else for years and years.

 

44 minutes ago, Antonio Dujmovic said:

I'd like to add a note that while I myself don't agree with some of the stuff how we do, I can not change it instantly, as I became this department's director only 2 weeks ago, and I'm still working on a lot of stuff. Please bear with us a little bit while we sort out the department.

Absolutely! Congratulations on your new position - I highly doubt anyone expects instant changes, I'm more looking for willingness to change, which I think you've demonstrated with your message.

I think many of these problems stem from a lack of rigid policies, and inconsistency in how these policies are applied.

The current VA partner policy (and I fully appreciate it was probably written before your time) does not provide much in the way of telling VAs how things will happen or when they will happen, and is quite vague even to what will happen. In a future rewrite, it'd be good to see the responsibilities of the VA and the responsibilities of the VATSIM VA relations team more clearly set out, as well as how both parties can/will go about fulfilling those obligations. Transparency is (nearly) always a good thing, even more so in a voluntary organisation like ours.

I notice you mention that you do not ask for the names of pilots - as I say, I'm not a VA owner, but the last time I was involved in a VA audit I think the audit manager did ask for names. It's likely accidental, but I think it could be pertinent to remind the entire team of what they should ask for, what they actually can ask for (as it's easy to deem a request for names as excessive, VATSIM holds that data itself) and what their obligations are under data protection regulations.

All in good time, of course...

George

Edited by George Peppard
  • Like 1

All the best,

George Peppard
ATC Examiner (S1, S2)
VATSIM United Kingdom Division

Link to comment
Share on other sites

Matthew Beddow
Posted
Posted
42 minutes ago, Antonio Dujmovic said:

The only tool we can really provide to VAs is our policy

A policy is not a tool that helps VAs.

The policy puts additional burden on VAs for very little or no benefit.

43 minutes ago, Antonio Dujmovic said:

If a VA has 10,000 members, then I'm pretty sure they have slightly advanced systems that can automatically print out a list of all their members on the roster.

I'm not sure you understand who George is. He runs one of the largest VA platforms there is. If he tells you it's a manual process, it's fairly safe to assume that most large VAs don't have this functionality

  • Like 1
Link to comment
Share on other sites

Jan Podlipsky
Posted
Posted (edited)
27 minutes ago, Matthew Beddow said:

A policy is not a tool that helps VAs.

The policy puts additional burden on VAs for very little or no benefit.

I'm not sure you understand who George is. He runs one of the largest VA platforms there is. If he tells you it's a manual process, it's fairly safe to assume that most large VAs don't have this functionality

I have to agree here, and let me be honest. When comparing the benefits of being a VA Partner, and having this additional burden, I can say right away, that considering what system our VA is using (the one which George represents) and what it would take for us to accomplish it, that it is not worth the effort. Once a year is doable, but every 4 months? Nope.

Edited by Jan Podlipsky
  • Like 1
Link to comment
Share on other sites

Lukas Jankauskas
Posted
Posted (edited)

Just to expand a bit on my previous reply and to say - I am in the same boat as George - I am the data controller of thousands of pilots, high thousands of whom have optionally submitted their VATSIM ID to us for us to store and use according to our use policy.

My reply, which I will try to keep short is in 2 parts. 

Your reply, as new to your role as you have found it, left my mouth agape. Previous director left and took 80% of the data? I know it's not your fault, but the question has to be asked - just how lax are VATSIM data handling protocols if I can just get off and leave with not insignificant amount of data. Then you ask us to give you a list of IDs of people so you can match them up and keep a record of who they are VA members of? Not to sound too conspiratorial, but the lack of data handling policy, as George alluded to above, is just shocking and goes against the principles of a responsible organisation. Director, no less, walked away and took significant amount of data - be it internal, though I would not be surprised at all if some pilot IDs went away in tandem - and there is no announcement? No acknowledgement that undeniably bad thing happened? C'mon guys - you are way better than this and it ought to have been disclosed promptly and early. Responsible organisations behave this way throughout the world and usually such announcements come with a roadmap as to how this will be prevented in the future. We received none of that. 

VATSIM says it does not hold significant personal data and thus does not need data protection officer - this is just simply not true - You have my name, email, VAs I fly for as well as records of when I am online on your network, most definitely you track IPs connected from as well. That's about the all basic information you can extract from a user and VATSIM potentially deals in millions of them. If I walked away with, deliberately or inadvertently leaked/made public data of 80% of my customers of platform users  (say by not BCCing them in a mass email) - I would be tied up in courts and the ico.org.uk would happily take action against me as director of the company and individual as well. It may be false equivalence, but the statement that VATSIM does not control vast amounts of personally identifiable and location based information is just bogus. I know it's not your department Antonio, but this is not good, responsible and maybe even in line with the laws and regulations.

 

For the second part, George covered most of it - yes, VATSIM issues the IDs, we get to know some of them by people associating with us and providing those IDs voluntarily. Said ID can identify you personally -  stats.vatsim.net existence is the reason why I can say that vatsim ID is personally identifiable information, protected by law in UK and rest of the EU, as with the said ID you can get a name of the person. It absolutely boggles my mind that VATSIM asks this list to be made public on an accessible roster, no matter what VA management software you use. I would rather loose customers and pilots before I expose PII in this way and break the law - yet it is something VATSIM insists on since day 1 and when I raised the complaint back in the day when vRYR was up for review and I was asked to provide a list of network IDs with full names, I received no reply and the VA was quietly removed from the list - well, I lost nothing, nor did the VA. I would posit that VATSIM lost something as it made me less inclined to advertise your events and invite our pilots to fly on your network.

You also mentioned that the only tool is policy - so I assume by proving you a list of sequential network IDs starting at 126000 and ending in 1260100 will suffice? It covers 100 pilots and with no tools - we can both assume they flew online in last x days. I know this is very facetious, but that's the only conclusion of your argument. As George said, and I will reconfirm - I have a legal duty to provide as little information as is needed - without knowing how you check if pilot X Y or Z counts for the purposes of validation - my hands are tied and my official notice to my VA customers has to be to not to provide any data to VATSIM - because we do not know what they do with it, we do not know how long they retain it for, we do not know if we are providing more than we need to. I kindly ask you to explain to us all just how VATSIM VA relations division process the data and does their verification? 

Just before I wrap up, in the 2 linked policy documents it is said that pilots need to fly with appropriate remarks. This has me thinking that you already have all that you need - the policy states that multiple VAs sharing same name are not allowed - so if the ruling was that we all need to include the name of the VA - you already have all the data you need and more than we would willingly provide to comply with 20 pilot requirement - relinquishing us of the burden to compile a list and check if these people flew online in X days on an arbitrary timescale. To flip it around - VATSIM holds/processes more data than you think.

 

And just to wrap up - my tone above notwithstanding, my hearty congratulations on your ascension to your role. I just wish your first post was not a rule announcement but a post where you - the link between VAs and VATSIM - introduced yourself to the community and laid out a roadmap as to how you will serve us - the people who use the network and help it make possible. People and VAs, who are slowly going extinct as we face competition from other trackers and lack of general interest. If your plan to help us is to load us up with more meaningless paperwork - goal achieved. (/s)

Edited by Lukas Jankauskas
typo
  • Like 3
Link to comment
Share on other sites

Antonio Dujmovic
Posted
Posted (edited)

 

4 hours ago, George Peppard said:

Many thanks for your response. I'll reply to each paragraph in turn (and it might be a long one so please excuse the formatting - I'll try and separate bits as appropriate). As a sidenote, don't worry about English not being your first language - you do a fine job of speaking the language (better than some native speakers I know). I consider it implied by your position, but these aren't comments directed at you personally; more so at the department you now represent (which I'm more than aware you probably didn't inherit in a brilliant state).

 

The issue with publishing a roster to the internet is that for all intents and purposes the VATSIM CID, even if not attached to a name, is personally identifiable information, so the rules as to what can and cannot be done with the data are extremely strict. Sure, large VAs can automatically get a list of VATSIM CIDs for all their members, but when the VATSIM VA audit asks for only a small amount of CIDs, providing them all is excessive. Just like how it's the responsibility of VATSIM to not ask for too much information, it's the responsibility of the VA (or data controller) to not provide excessive information. If a VATSIM VA auditor asked me for a list of 20 CIDs, I would not feel comfortable handing over 10,000. The problem seems to be that these members have to be active network members that have recently flown a flight - in the absence of a way of checking flight history automatically for a CID the VA would need to manually check items on the list against VATSIM Statistics. I also have concerns over how VATSIM handles the data when VAs hand it over. Ideally, you'd use the data to perform an audit, perhaps summarise some statistics and then delete the data from your servers, as you have no reason to keep hold of it. This is the best solution for all involved - it removes the obligation on VATSIM to store (read: and protect) the data properly and gives VAs peace of mind that PII they provided won't be lying around on VATSIM servers for years.

 

I can understand wanting to audit smaller VAs more frequently and maintain an active list. This is key to users trusting this system to find VAs - nobody wants a list of old VAs. However, I don't think a full audit every 90 days is the best solution to this. Most members are not deliberately dishonest, and discerning whether a VA still exists at any given time simply requires a check in with the VAs contact. A simple email asking "is your VA still around, is there anything we can do to help" (or something similar) can check if a VA is still operating whilst adding minimal admin workload to both the VATSIM VA relations team and the VA staff team itself. You can then leave audits for once or twice a year depending on the VA size and how long it has been around. A heritage VA status is a great idea (although I am not sure modern, trendy VAs will like the name 😉).

 

In general, whilst CIDs are relatively low risk PII, I am of the opinion that any personal data should have access restricted on the principle of least privilege. For example, if I'm a VA audit manager, I should be able to see data relating to VAs I have decided to audit, but not data related to VAs another VA audit manager has decided to audit; the latter information is not necessary for me to do my job. As discussed above, the information should then be deleted when it's no longer needed (i.e. when the audit is done, save for maybe a small grace period in case the data needs to be looked at in the short term). In the long term, the data isn't going to be up to date anyway, so if it is needed again then the VA should be asked for an updated copy of it. This gives control of the data to the VA that collected it; it is ultimately the VA that is accountable to its membership for how the data is handled, so it will give them peace of mind to know the data isn't being kept somewhere else for years and years.

 

Absolutely! Congratulations on your new position - I highly doubt anyone expects instant changes, I'm more looking for willingness to change, which I think you've demonstrated with your message.

I think many of these problems stem from a lack of rigid policies, and inconsistency in how these policies are applied.

The current VA partner policy (and I fully appreciate it was probably written before your time) does not provide much in the way of telling VAs how things will happen or when they will happen, and is quite vague even to what will happen. In a future rewrite, it'd be good to see the responsibilities of the VA and the responsibilities of the VATSIM VA relations team more clearly set out, as well as how both parties can/will go about fulfilling those obligations. Transparency is (nearly) always a good thing, even more so in a voluntary organisation like ours.

I notice you mention that you do not ask for the names of pilots - as I say, I'm not a VA owner, but the last time I was involved in a VA audit I think the audit manager did ask for names. It's likely accidental, but I think it could be pertinent to remind the entire team of what they should ask for, what they actually can ask for (as it's easy to deem a request for names as excessive, VATSIM holds that data itself) and what their obligations are under data protection regulations.

All in good time, of course...

George


Thank you for your kind words, George.

VATSIM hasn't provided us with any server access. I have already requested some minimal access in order to add some features we've been needing for years apparently, but that was a no-go by the tech department. As much as I'd love to have a little bit more advanced system of handling this, it is simply out of reach for the time being, even though we have something that's being worked on. Anything we do, is done either on google spreadsheets or google drive. Which is where we store everything. We do not store the pilot roster you send us. But we do store the amount of pilots you have had on your last audit. At least we're supposed to have those in audit documents, but we're missing that as well because of already mentioned reasons.

I don't know if I mentioned this before, but anything that goes in details with user data such as CIDs, Names, emails, etc. is not stored. The only emails we store for example, are the ones we use to contact the VA owners on my.vatsim.net. The only names and CIDs we store are the names of VA owners on my.vatsim.net, and so on.


The problem with the idea of "how you doing" is that we base 100% on the fact we expect the airline to be honest. I'm more in the mindset of trust but verify. And I believe that a better approach is to verify ourselves that the airline is still doing ok and not inactive and cluttering up the list. Although as previously mentioned, I hopefully Heritage VAs work out for larger VAs, while the smaller ones shouldn't have much trouble getting us the information we need.


As previously mentioned; anything that goes in details with user data, is only seen by the person who does the audit. Not even I, or the VP know any of the CIDs from ExampleAirline that has been audited yesterday, but we just saw that the Audit Manager marked in the document that they meet the requirement. Therefore, I don't believe there is any changes needed there, because only 1 person has access to it, and it is during the auditing period.


I will be reviewing all policy documents regarding our department with our VP sometime before we implement Heritage VAs, and we will make sure to be as transparent as we can in regards to any changes. I believe that communication is key between multiple parties such as VA department and VAs, therefore, I promise to make sure we do a better job on that one, even though, today that was not the best case!

 

Quote

I notice you mention that you do not ask for the names of pilots - as I say, I'm not a VA owner, but the last time I was involved in a VA audit I think the audit manager did ask for names. It's likely accidental, but I think it could be pertinent to remind the entire team of what they should ask for, what they actually can ask for (as it's easy to deem a request for names as excessive, VATSIM holds that data itself) and what their obligations are under data protection regulations.


This should not have happened. I will make sure to explicitly state which information may be requested and that anything else the VA will not be required to provide. Pilot names are something we do not require, nor should anybody ask for them. The team has been re-briefed on how audits should be handled once I got on board, and I'm working on more internal resources to make sure Audit Managers understand their respective area of responsibility, what they may request, how they may communicate and when.


Once again, thank you for all of your comments and suggestions. I really appreciate all of this!
 

  

4 hours ago, Matthew Beddow said:

A policy is not a tool that helps VAs.

The policy puts additional burden on VAs for very little or no benefit.

I'm not sure you understand who George is. He runs one of the largest VA platforms there is. If he tells you it's a manual process, it's fairly safe to assume that most large VAs don't have this functionality

Unfortunately, I'm not really sure what tools the VA department can provide you with to make it easier for you. When it comes to Audit Managers, their job is to simply audit the airline and make sure they meet the requirements.

I am open to any suggestions you may have as to what we can do to improve the process, but bear in mind, we're not VATSIM's tech department and we're unable to make any heavy modifications to how the procedure on my.vatsim.net works or what tools on it are available.

 

3 hours ago, Jan Podlipsky said:

I have to agree here, and let me be honest. When comparing the benefits of being a VA Partner, and having this additional burden, I can say right away, that considering what system our VA is using (the one which George represents) and what it would take for us to accomplish it, that it is not worth the effort. Once a year is doable, but every 4 months? Nope.


I agree with you and George, depending on how the airline operates, it can really be difficult and a burden to deliver 10,000+ pilots (even though we don't require that many). But as previously mentioned, a Heritage status is being worked on, and we were planning to introduce it slowly, but are unable to right now due to VATSIM's tech department not having the resources or time to implement it into the current my.vatsim.net system.

Rest assured, we're not planning on having big VAs that have a good standing be burdened with such frequencies, this was mainly supposed to be for small to mid size VAs that are partnered, and the rest was supposed to be moved over to Heritage status once that has been introduced. I agree that this could have been better communicated on my side, and I sincerely apologize because that didn't happen. 

 

 

1 hour ago, Lukas Jankauskas said:

Just to expand a bit on my previous reply and to say - I am in the same boat as George - I am the data controller of thousands of pilots, high thousands of whom have optionally submitted their VATSIM ID to us for us to store and use according to our use policy.

My reply, which I will try to keep short is in 2 parts. 

Your reply, as new to your role as you have found it, left my mouth agape. Previous director left and took 80% of the data? I know it's not your fault, but the question has to be asked - just how lax are VATSIM data handling protocols if I can just get off and leave with not insignificant amount of data. Then you ask us to give you a list of IDs of people so you can match them up and keep a record of who they are VA members of? Not to sound too conspiratorial, but the lack of data handling policy, as George alluded to above, is just shocking and goes against the principles of a responsible organisation. Director, no less, walked away and took significant amount of data - be it internal, though I would not be surprised at all if some pilot IDs went away in tandem - and there is no announcement? No acknowledgement that undeniably bad thing happened? C'mon guys - you are way better than this and it ought to have been disclosed promptly and early. Responsible organisations behave this way throughout the world and usually such announcements come with a roadmap as to how this will be prevented in the future. We received none of that. 

VATSIM says it does not hold significant personal data and thus does not need data protection officer - this is just simply not true - You have my name, email, VAs I fly for as well as records of when I am online on your network, most definitely you track IPs connected from as well. That's about the all basic information you can extract from a user and VATSIM potentially deals in millions of them. If I walked away with, deliberately or inadvertently leaked/made public data of 80% of my customers of platform users  (say by not BCCing them in a mass email) - I would be tied up in courts and the ico.org.uk would happily take action against me as director of the company and individual as well. It may be false equivalence, but the statement that VATSIM does not control vast amounts of personally identifiable and location based information is just bogus. I know it's not your department Antonio, but this is not good, responsible and maybe even in line with the laws and regulations.

 

For the second part, George covered most of it - yes, VATSIM issues the IDs, we get to know some of them by people associating with us and providing those IDs voluntarily. Said ID can identify you personally -  stats.vatsim.net existence is the reason why I can say that vatsim ID is personally identifiable information, protected by law in UK and rest of the EU, as with the said ID you can get a name of the person. It absolutely boggles my mind that VATSIM asks this list to be made public on an accessible roster, no matter what VA management software you use. I would rather loose customers and pilots before I expose PII in this way and break the law - yet it is something VATSIM insists on since day 1 and when I raised the complaint back in the day when vRYR was up for review and I was asked to provide a list of network IDs with full names, I received no reply and the VA was quietly removed from the list - well, I lost nothing, nor did the VA. I would posit that VATSIM lost something as it made me less inclined to advertise your events and invite our pilots to fly on your network.

You also mentioned that the only tool is policy - so I assume by proving you a list of sequential network IDs starting at 126000 and ending in 1260100 will suffice? It covers 100 pilots and with no tools - we can both assume they flew online in last x days. I know this is very facetious, but that's the only conclusion of your argument. As George said, and I will reconfirm - I have a legal duty to provide as little information as is needed - without knowing how you check if pilot X Y or Z counts for the purposes of validation - my hands are tied and my official notice to my VA customers has to be to not to provide any data to VATSIM - because we do not know what they do with it, we do not know how long they retain it for, we do not know if we are providing more than we need to. I kindly ask you to explain to us all just how VATSIM VA relations division process the data and does their verification? 

Just before I wrap up, in the 2 linked policy documents it is said that pilots need to fly with appropriate remarks. This has me thinking that you already have all that you need - the policy states that multiple VAs sharing same name are not allowed - so if the ruling was that we all need to include the name of the VA - you already have all the data you need and more than we would willingly provide to comply with 20 pilot requirement - relinquishing us of the burden to compile a list and check if these people flew online in X days on an arbitrary timescale. To flip it around - VATSIM holds/processes more data than you think.

 

And just to wrap up - my tone above notwithstanding, my hearty congratulations on your ascension to your role. I just wish your first post was not a rule announcement but a post where you - the link between VAs and VATSIM - introduced yourself to the community and laid out a roadmap as to how you will serve us - the people who use the network and help it make possible. People and VAs, who are slowly going extinct as we face competition from other trackers and lack of general interest. If your plan to help us it to load us up with more meaningless paperwork - goal achieved. (/s)


Thanks for the lengthy response, Lukas. I really appreciate all the comments and input from everybody.

I wouldn't say "took", but our spreadsheets were basically filled with missing information and/or empty by the time I got here, and unfortunately, there is nothing I can do about that. As to how VATSIM overall handles their data, I can not speak for. The VA Department keeps track using google spreadsheets and store audit documents on our storage. For some transparency, data from our spreadsheet consists of the following:

VA Name - Name of the VA
VA Contact Address - Primary contact address for the VA
Date Granted - Date the VA was granted Partner/Associate status (we are missing a lot of this data)
Accepted by - Person who accepted the VA (we are missing a lot of this data)
Last Audit Date - The date last audit was done (we are missing a lot of this data)
Audit Due - When the next audit is due (we are missing a lot of this data)
Auditor - Person who audited the VA last time (we are missing a lot of this data)
Status - Whether they Passed or Failed their last audit (we are missing a lot of this data)
Additional information - Any notes left by the auditors
AMS Data - Audit Management System data, which is being used by a bot I created to automatically deliver audits that are due to our audit managers
Website Link - link for the VA's website


The mistake where I cc'd instead of Bcc'd the email today, was 100% my fault and I fully take the responsibility for it. It was a major oversight, as I accidently haven't chosen the correct option when attaching recipients. I have already notified our VP about the issue, so I'm not sure what happens from here on.
As much as it won't fix anything, I publicly apologize to everyone affected.


Unfortunately, for anything else that concerns you regarding our data policies and how it is handled, you will have to get in touch with our department's VP (VATGOV12), as I am in no position to speak of our Data Policies.

We will be looking into some alternatives as to what we can request other than pilot rosters with CIDs to make it more GDPR compliant.. Maybe PIREPs? If you have a suggestion, I'm happy to hear you out.

 

Quote

I kindly ask you to explain to us all just how VATSIM VA relations division process the data and does their verification? 


When an Audit Manager receives a new audit to their DMs, they receive necessary information about the VA which is pulled from our spreadsheet where we store VAs.
Audit Managers have been provided with a document that requires them to fill in Yes or No checkmarks inside fields with the list of minimum requirements. The Audit Manager does them one by one checking manually if the website is ok, if they have the VATSIM logo that points to vatsimi.net, if they have an accessible pilot rosters with more than 20 pilots, if they have at least 15 pilots that flew in the last 90 days. Next to that, the document stores the VA Name, audit date, and the name of the person doing the audit.

In case the Audit Manager is missing something from this list, they attempt to make contact using the email address that we get when the VA sends in an application and is accepted. That email address is the primary VATSIM email address of the person sending in the application, and as much as I disagree with this, there is nothing I can do about it, as I am not a part of the tech department. What we can do is manually change the email address upon request.

If there is communication and cooperation from the VA to provide us with needed details (for example, a pilot roster with CIDs), the audit is done as usual, rest of the document filled in, and sent in for review to me and our VP.
If everything seems alright, we approve it, update the new details in our spreadsheet and upload the document to our storage.

Note that any personal information that the VA would send to the audit manager, such as CIDs, names, etc. is not stored anywhere.

That is how audits have been done since before I was appointed Director, and there will be a lot of changes over the next few months, as we work on improving the process so it is easier for audit managers to do their job, and for the airline to provide us with the needed details.


 

Quote

Just before I wrap up, in the 2 linked policy documents it is said that pilots need to fly with appropriate remarks. This has me thinking that you already have all that you need - the policy states that multiple VAs sharing same name are not allowed - so if the ruling was that we all need to include the name of the VA - you already have all the data you need and more than we would willingly provide to comply with 20 pilot requirement - relinquishing us of the burden to compile a list and check if these people flew online in X days on an arbitrary timescale. To flip it around - VATSIM holds/processes more data than you think.


That is correct. Although, I don't believe anybody enforces this, and we haven't been paying attention to that, since we would usually get the pilot roster upon request, or find it publicly available. I will make sure to keep this in mind, and thank you for bringing it up.

 

Quote

And just to wrap up - my tone above notwithstanding, my hearty congratulations on your ascension to your role. I just wish your first post was not a rule announcement but a post where you - the link between VAs and VATSIM - introduced yourself to the community and laid out a roadmap as to how you will serve us - the people who use the network and help it make possible. People and VAs, who are slowly going extinct as we face competition from other trackers and lack of general interest. If your plan to help us it to load us up with more meaningless paperwork - goal achieved. (/s)


I absolutely agree with you. I will be looking into writing up a post that would introduce the VA team, some transparency as to how we do things, future plans and we will make sure to get the policy up-to-date and sorted out.


Once again, thank you everybody for your comments and suggestions, and I apologize if I missed something!

Edited by Antonio Dujmovic
  • Thanks 2

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

Jan Podlipsky
Posted
Posted (edited)

To follow up on my quote, the biggest problem is, that 90% of the mentioned VA system users will be unable to reach the 100+ members in order to fulfill a Heritage VA status. At least based on my assumption that a member is considered as a person who had flown at least 1 flight using the VA ICAO code on VATSIM in the last 90 days, making the whole Heritage status useless.

Since the VATSIM is not the only online network out there, in our case, the network usage is relatively equally divided between the two major online networks, so in theory, it would require our VA to be much larger than you assume.

Edited by Jan Podlipsky
Link to comment
Share on other sites

Antonio Dujmovic
Posted
Posted
Just now, Jan Podlipsky said:

To follow up on my quote, the biggest problem is, that 90% of the mentioned VA system users will be unable to reach the 100+ members in order to fulfill a Heritage VA status. At least based on my assumption that a member is considered as a person who had flown at least 1 flight using the VA ICAO code on VATSIM, making the whole Heritage status useless.

Since the VATSIM is not the only online network out there, in our case, the network usage is relatively equally divided between the two major online networks, so in theory, it would require our VA to be much larger than you assume.


The 100+ members number is not final, it is still a theory and not realized.
A member is considered somebody signed up within the VA with a VATSIM CID. I believe you confused the 2 requirements that we have, where one requires 20+ pilots with CIDs, and the other where we require minimum 15 pilots using VA callsign online in past 90 days.

The 100+ members number that I gave, is the former, which is that we would require 100+ VA members with VATSIM CIDs. Although, we will be looking into replacing CIDs with something more GDRP friendly. If you have any suggestions, I'm all ears. 

Thanks for the feedback :)

 

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

Jan Podlipsky
Posted
Posted
8 minutes ago, Antonio Dujmovic said:


The 100+ members number is not final, it is still a theory and not realized.
A member is considered somebody signed up within the VA with a VATSIM CID. I believe you confused the 2 requirements that we have, where one requires 20+ pilots with CIDs, and the other where we require minimum 15 pilots using VA callsign online in past 90 days.

The 100+ members number that I gave, is the former, which is that we would require 100+ VA members with VATSIM CIDs. Although, we will be looking into replacing CIDs with something more GDRP friendly. If you have any suggestions, I'm all ears. 

Thanks for the feedback 🙂

 

In that case, you have to realize that number of registered users with VATSIM CID does not represent anything whatsoever regarding the activity. Even a nearly dead VA can have that. Making the difference between Heritage VA and a "normal VA" even more unfair.

Link to comment
Share on other sites

Antonio Dujmovic
Posted
Posted
Just now, Jan Podlipsky said:

In that case, you have to realize that number of registered users with VATSIM CID does not represent anything whatsoever regarding the activity. Even a nearly dead VA can have that. Making the difference between Heritage VA and a "normal VA" even more unfair.

It gives a metric of how large the VA is, and the other requirement that shows how many pilots flew within the last 90 days would show how active the VA is.

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

Lukas Jankauskas
Posted
Posted (edited)
25 minutes ago, Antonio Dujmovic said:

It gives a metric of how large the VA is, and the other requirement that shows how many pilots flew within the last 90 days would show how active the VA is.

So does a list of sequential IDs  starting at 126000 and ending in 1260100. I can make pilot roster infinitely large.

 

I do appreciate your long response and thank you for clarifying some things. I hope you will forgive me for not taking your word as is and me waiting to see those words translate into policy updates - something I can point to people and say - that is our agreement. 

I must note that there seems to be no appetite on your end to delay the new policy till there can be a better approach agreed or even wait for improvements within your department before this takes effect - fair enough I guess. With that in mind, I believe you can understand how I am in no position to advise my VA customers to comply with your requirements and stay on the list of VAs of VATSIM and all the benefits it bequeathed to them. 

 

Edited by Lukas Jankauskas
Link to comment
Share on other sites

Antonio Dujmovic
Posted
Posted
Just now, Lukas Jankauskas said:

So does a list of sequential IDs  starting at 126000 and ending in 1260100. I can make pilot roster infinitely large.

 

I do appreciate your long response and thank you for clarifying some things. I hope you will forgive me for not taking your word as is and me waiting to see those words translate into policy updates - something I can point to people and say - that is our agreement. 

I must note that there seems to be no appetite on your end to delay the new policy till there can be a better approach agreed or even wait for improvements within your department before this takes effect - fair enough I guess. With that in mind, I believe you can understand how I am in no position to advise my VA customers to comply with our requirements and stay on the list of VAs of VATSIM and all the benefits it bequeathed to them. 

 

Could you elaborate on the IDs part? I don't think I've understood what you're trying to point out.

Policy updates will be coming soon. I have to run all of this through our VP first, so we can see how we proceed. But I have faith we will sort this out so that everybody is happy in the end. 
I am not looking forward to delaying policy changes, but change takes time, and we can't implement everything straight away, especially since we're being slowed down by not being able to have system changes implemented quickly on my.vatsim.net 

I understand that, but unfortunately, at this point in time, the same requirements stand as they have always. The only thing that changed, is that we audit partners once every 90 days. As we've reset all audit due dates, all VA Partners will be audited by the end of August, and by the time your second audit would be up, we will most likely figure everything out, if not even long before that. My personal goal is to sort this out by the end of this month, although I'm not sure how likely that will be due to reason mentioned above..

Right now we're exploring additional perks for airlines, the Heritage status and using PIREPs to track activity, instead of requesting CIDs. Which technically we can still match with data from stats.vatsim.net to get the pilot's CID and Name, but I don't see a way in which we can verify the activity of an airline without having that data one way or another..

Antonio Dujmovic
VATSIM - Director of Virtual Airlines

Link to comment
Share on other sites

  • Board of Governors
Roger Curtiss
Posted
Posted

I appreciate the sentiments and observations being presented here.  Let me provide some comments and context in an effort to clarify a few things:

- One of our goals in maintaining a list of Virtual Airline Partners is to provide a reliable resource for VATSIM members who are interested in joining a virtual airline.  As such, we seek to keep this list up-to-date and restrict inclusion on it to VAs that are strong enough to maintain operations, have developed a substantial base of pilot members, and demonstrate a commitment to the network.
In order to ensure that these qualities are met, we put in place the requirements as stated in our Partner Policy for acceptance as a Partner.  In order to ensure that these requirements are maintained, we have found the audit system to be the most effective tool.  Might there be more advanced technologically innovative ways to perform this process?  Quite possibly, however, within our department we do not have the latitude to institute such tools unilaterally and any system put in place that ties into the greater VATSI network must meet the demanding approval of those VATSIM entities responsible for managing the technological side of the network and they are in turn limited in their ability to help develop and implement such tools as their workload is considerable and limited to being dealt with by a small group of dedicated and trustworthy individuals.  Thus, we utilize for the present time our "traditional" method of audits to ensure compliance.

-The audit process is conducted in a rather methodical manner.  The most labor intensive aspect of it is the verification of compliance with the online participation requirement. In many, if not most cases, the VA does have a roster on their website that lists a pilot name (or at least a partial name) and a VATSIM CID.  This is sufficient for an audit manager to then utilize the VATSIM Statistics Center, input the CID-verify that does belong to the individual so stated by the VA and then seek flights flown within the preceding 90 days under the VA's callsign prefix.  For those VAs that do not maintain a public roster the audit manager will contact them and request that name information and corresponding CIDs be sent of either the roster or of at least 15 pilots who have met the 90 day requirement.  There is no requirement that an entire roster be sent if the VA is able to provide the 15 pilot identifiers.  This is in accordance with the stated Policy requirement 2.3.1.1.3 that there be an ACCESIBLE roster (either publicly or upon request of an audit manager).  The information utilized to successfully conduct an audit is not kept-there is merely a notation made to the VA's record as to whether it passed or did not pass the audit without the specifics being referenced.

-A comment was received that  "nowhere in the policy (and especially not the section you have referenced) does it give you the right to change the audit frequency, nor does the policy give you the right to "reset" the audit status of airlines who are already compliant with the policy."

 While it is certainly true that the Policy does not state that we have the right to change the audit frequency or "reset" the audit status of airlines already compliant, it also clearly does not state that such actions cannot be taken. Policy is subject to change at the discretion of the needs of the department and to respond to changes in the operating environment for which it has been created.  Notice is provided to members that policy changes are being implemented and such changes are then placed into the Policy when an updated/revised version is published.  This is being accomplished and a new version will be published and announced.  VATSIM has very recently moved its documents to a new system and access to edit them is still being arranged.  Additionally, the "audit status reset" is due to the loss of historical data of when VAs commenced their Partner status (see next note).  

-The comment by Antonio concerning the previous Director may have mistakenly given the impression that said person took 80% of our data. Such is not the case and there was no potential breach of information.  Prior to that Director leaving, we had been using a data management and record system known as VASOPS. With the move of VATSIM operations to myVatsim, VASOPS was deemed incapable of being transferred and our operations had to devise a different record-keeping system. This was being evolved when the previous Director departed. The situation Antonio inherited was that due to Covid, we had suspended audits for over one year, therefore, with the VASOPS records no longer available and the suspension of audit operations for a prolonged period, we were dealing with data that was missing some components so there were gaps in our storehouse of previous information.

 

-The discussion about 'Heritage'VAs.   This was a term used a few years ago when this program was initially introduced.  With its anticipated rebirth now and adjustments being considered for requirements to qualify a VA for inclusion, that name will likely be changed to be more closely reflect the status.

-

  • Like 1

Roger Curtiss

VATGOV12

VP-Virtual Airlines & Special Ops

r.curtiss(at)vatsim.net

 

810159.png810159.png

Link to comment
Share on other sites

George Peppard
Posted
Posted (edited)

It is good to see a healthy discussion taking place. Thanks to both Antonio and Roger for their responses, as well as all the other members who have weighed in.

1 hour ago, Roger Curtiss said:

The discussion about 'Heritage'VAs.   This was a term used a few years ago when this program was initially introduced.  With its anticipated rebirth now and adjustments being considered for requirements to qualify a VA for inclusion, that name will likely be changed to be more closely reflect the status.

My comment about the name was somewhat tongue in cheek (😄), but I look forward to the rebirth of this programme (whatever name it takes on) as, correctly implemented this can ease the administrative burden both on VAs and on the VA relations team.

There is no doubt that the list of partner VAs must be continually maintained in order to keep it fit for purpose. With an ideal implementation, given everything runs smoothly, the VATSIM VA list is an invaluable resource for new members to the network looking to take their virtual flying further, and I hope that the VATSIM.NET technology team see that, with development, it can continue to fulfil this duty whilst reducing the workload for all interested parties. I am sure you are aware that the current myVATSIM VA list is less than fit for purpose and I hope the importance of this list are reiterated to the technology team on a regular basis (the limitations of the team being relatively small, of course, notwithstanding). The comments others have posted here regarding my position with a VA management platform are accurate - it would be nice (in an ideal world!) to completely automate these kinds of checks. If such a feature or service is developed by the VATSIM technology team (in collaboration with your department) we would love to be a part of shaping how this can help partner VAs that are using any platform. Please feel free to contact me directly regarding this.

I look forward to the "rebirth" of the department and the change that has the potential to follow, I hope developed in collaboration with the many VAs who enjoy partnership with the network.

Edited by George Peppard

All the best,

George Peppard
ATC Examiner (S1, S2)
VATSIM United Kingdom Division

Link to comment
Share on other sites

Lukas Jankauskas
Posted
Posted
1 hour ago, Antonio Dujmovic said:

Could you elaborate on the IDs part? I don't think I've understood what you're trying to point out.

Policy updates will be coming soon. I have to run all of this through our VP first, so we can see how we proceed. But I have faith we will sort this out so that everybody is happy in the end. 
I am not looking forward to delaying policy changes, but change takes time, and we can't implement everything straight away, especially since we're being slowed down by not being able to have system changes implemented quickly on my.vatsim.net 

I understand that, but unfortunately, at this point in time, the same requirements stand as they have always. The only thing that changed, is that we audit partners once every 90 days. As we've reset all audit due dates, all VA Partners will be audited by the end of August, and by the time your second audit would be up, we will most likely figure everything out, if not even long before that. My personal goal is to sort this out by the end of this month, although I'm not sure how likely that will be due to reason mentioned above..

Right now we're exploring additional perks for airlines, the Heritage status and using PIREPs to track activity, instead of requesting CIDs. Which technically we can still match with data from stats.vatsim.net to get the pilot's CID and Name, but I don't see a way in which we can verify the activity of an airline without having that data one way or another..

it is getting late in the day for me and I will be sure to revisit it with fresh eyes - but you are assuming we were overjoyed with the previous data collection process - we were not, but we were willing to settle with it cause it was once a year.

With all the revelations which came out over the course of the day today - why would anyone send anything over? We can do this all on trust - saves me some GDPR headaches as well as work for you traversing some list where, as far as I can understand, you cannot and no not do any checks.

Hence me saying - I can give you a list saying I have pilots with VATSIM IDs starting at 126000 and ending in 1260100 - 100 pilots in total. 100 VATSIM registered people to qualify for your list. 

 

The reason why I will not recommend VAs to share their pilot list of users with VATSIM IDs is because your data handling policy does not touch on it at all. Your reply does and I believe that can be workable, but until it's in VATSIM policy, my hands are literally tied and I have little choice but to tie them up for my customers who are your VA Partners. 

Link to comment
Share on other sites

Lukas Jankauskas
Posted
Posted (edited)
1 hour ago, Roger Curtiss said:

restrict inclusion on it to VAs that are strong enough

Hi Roger, It's probably my bad english, but this sounds a lot like big VAs need not apply and enjoy the bragging rights (failing any other benefits) of being a VATSIM registered VA?

Edited by Lukas Jankauskas
Link to comment
Share on other sites

 Share