Elliot Harmon / Communications manager, Creative Commons / firstname.lastname@example.org
Thanks for your help in identifying this issue and for your related suggestions. You’re welcome to post this reply as an addendum to your blog post; we’ll also be posting it on the Hacker News thread.
We regret not replying to you promptly about what we were doing to resolve the issue, and to express our gratitude. That was our error, and we apologize. Our immediate focus was on locating the file you identified, confirming that no other files with sensitive information had been inadvertently uploaded, determining what information the file contained, and identifying and contacting affected donors. Thankfully, we were able to remove the file the same day you reported the incident. That was our highest priority.
We have since learned that our rapid deletion of the file limited our ability to access statistics about its use. We will share an update if we learn more about views or possible downloads.
As to your other suggestions, they are well taken and we will do better. Both emails for the audit committee on the contact page are functional, but in order to avoid confusion, we removed one of them. We have also emphasized that email@example.com is the most appropriate portal for sending privacy-related concerns at this time.
Thanks again for calling this to our attention, and our apologies for not more quickly replying to you individually.
Diane M. Peters / General Counsel, Creative Commons