<div dir="ltr"><div><div><div>I look at sensitive data as data that exposes a threat to the registrant - this is also contact information. <br><br></div>Other records like the NS records may not be sensitive data. <br><br></div>Third parties pick this data and use it for spam. This is the point where I think restricted Access is important. Where there is need for the data the registrant should be asked for consent that the data be shared. <br><br></div>Daniel <br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div> <br>Regards <br>Nanghaka Daniel K.<br>Executive Director - ILICIT Africa / Council Member - FOSSFA / Community Lead - ISOC Uganda Chapter<br>Mobile +256 772 898298 (Uganda)<br></div><div>Skype: daniel.nanghaka<br></div><div><br></div><div>----------------------------------------- <i><span>"Working for Africa" </span></i>-----------------------------------------<br><img src="https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPOGxHaDhJMGZwN2c&revid=0BwH7MatcY6gPWmQyTXJIdWtScmN2ZUxpRDBpZG8wZUd5ZkhBPQ" height="87" width="87"> <img src="https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPeFAxdFF3Skk4b3M&revid=0BwH7MatcY6gPK2MxMkFyME5BWS9hb0VQMFRmTVFTMlB2SENRPQ" height="73" width="278"><br><img src="https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPSF9OWXFHYkV3ZVk&revid=0BwH7MatcY6gPcURiZC9meEU1cEJzaGk3TTBjOUE2NWNxSEg0PQ" height="86" width="436"><br></div></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, Dec 8, 2016 at 10:11 PM, James Galvin <span dir="ltr"><<a href="mailto:jgalvin@afilias.info" target="_blank">jgalvin@afilias.info</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
On 7 Dec 2016, at 9:55, Greg Aaron wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In the coming discussions, one approach could be: There are good reasons to publish the thin data … is there any compelling reason _not_ to publish it? If we can take care of this low-hanging fruit, we will solve part of the puzzle and we can concentrate on the issues around contact data. This is not a proposal to publish thin data only. It’s an attempt to disentangle concepts and find a way forward. Not all data is the same, so let’s stop treating all data the same. We may not have to iterate repeatedly about thin data.<br>
</blockquote>
<br>
I agree with the principle that we should tease apart “registration data” into a few different categories. The discussion in the rest of this thread has been focused on that and I’ll state I support it. My current view is that there are at least three categories of data: PII (e.g., contact information), operational and explicitly not-PII (e.g., registrar ID and NS records), and other (e.g., registries with specific requirements).<br>
<br>
I have two concerns with this discussion though. First, we keep talking about “publishing” data. Greg is careful to point out he’s not talking about publishing, per se, but he doesn’t mention what we are talking about.<br>
<br>
Second, given we understand our data (which is a reason to categorize it) there are at least three topics to talk about with respect to that data.<br>
<br>
1. Why do we care about this data, or perhaps, what is the purpose of the data? The answer to these questions is both critical and essential. They will drive the answer to the next two questions. In my opinion, without an answer to these questions (eventually, if not first or early in our process), discussions about the next two topics will never come to a conclusion. By the way, also my opinion, any answer that somehow embodies a reference to the existing system and service is irrelevant.<br>
<br>
2. What are the data collection requirements? This includes who, what, where, why, and how, including storage.<br>
<br>
3. What are the publication requirements? Might be zero. Greg suggests above that we could approach the problem of publication in some cases by answering the following question, “Is there any compelling reason not to publish it?” I will object to this. This is never the right question. The right question is always, “Why publish it?” You can’t publish it if you don’t collect it and you don’t collect it if you don’t have a need for it.<br>
<br>
All questions must be answered in the positive. Otherwise what’s the point of our discussion? The answer will always default to be collect everything and publish everything, and then let the lawyers fight about what’s public.<br>
<br>
Jim<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></div></div></blockquote></div><br></div>