In terms of accessing members-only information, I believe the Confirmation of having read the Privacy Policy, if one is enabled, should be enforced. My understanding is the member can leave this field at No, but it doesn't restrict any access to information. If that is the case, the field provides no tangible functionality, I think as long as the field is set to No, the member needs to be prompted to confirm that they have read the policy upon login attempt. If they are unwilling to confirm, they shouldn't be granted access, This is especially important for access to contact fields that would otherwise not be visible to the public.