[Gnso-sc-budget] [Ext] Re: [v.0.5] latest version of our comment on FY20 budget

Tom Barrett tbarrett at encirca.com
Sat Jan 26 22:21:05 UTC 2019 

Xavier,

Thanks for the explanation regarding HIPAA.  Could you explain the process
used by ICANN for someone requesting business class for medical reasons?
I.e.  is there a page on icann.org explaining the process?  If a qualified
condition is long term, i.e. more than a year, is there a renewal process?

Tom






On Fri, Jan 25, 2019, 10:18 AM Xavier J. Calvez <xavier.calvez at icann.org
wrote:

> Thank you all.
>
> To address Michele’s points/questions:
>
>    - The issue with disclosure in relation to HIPAA is not direct but
>    inferred, therefore subject to interpretation. You all have pointed out to
>    the fact that high costs does not necessarily mean business class but
>    could, and business class, as per our policy, does mean medical condition
>    (since this is the only exemption, other than for SO/AC chairs as Ayden
>    pointed out).
>    - Regarding timing: you are correct that HIPAA is not new and we could
>    have taken this position earlier in the past.
>    - We do believe that further review is warranted, beyond the
>    preliminary review that led us to take action recently. Stephanie also
>    pointed out to this need.
>
>
>
> Thank you.
>
>
>
> Best,
>
>
>
> Xavier
>
>
>
> Xavier Calvez
>
> ICANN – SVP & CFO
>
> 12025 Waterfront Drive, Suite 300
>
> Los Angeles, CA 90094
>
> Phone:   310-301-5838
>
> Mobile:  805-312-0052
>
> Fax:        310-957-2348
>
>
>
>
>
> *From: *Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
> *Date: *Thursday, January 24, 2019 at 5:42 PM
> *To: *Xavier Calvez <xavier.calvez at icann.org>, Michele Neylon -
> Blacknight <michele at blacknight.com>
> *Cc: *Ayden Férdeline <icann at ferdeline.com>, "gnso-sc-budget at icann.org" <
> gnso-sc-budget at icann.org>, Joseph de Jesus <joseph.dejesus at icann.org>
> *Subject: *Re: [Ext] Re: [Gnso-sc-budget] [v.0.5] latest version of our
> comment on FY20 budget
>
>
>
> I don't believe it is legal or fair to insist on full disclosure and
> denial of privacy rights, and you open yourselves up to complaints under
> the Americans with Disabilities Act if you deny people travel on those
> grounds.  Don't go there. Now, the issue of whether someone who has no
> medical issues can consent, is still a possibility. If someone says sure
> publish them, then as I suggested earlier, all you have to do is pick a
> random sample to redact, in order to "salt" the data with more redacted
> cases.  Reduces, but probably does not eliminate, the risk that people with
> medical issues will be identified.  I think it is worth getting a legal
> opinion on whether this meets the [rather low bar] of HIPAA....the fact
> that someone has a note from their doctor does not tell you the medical
> condition, and it could be everything from a life threatening condition
> (thrombosis) to a bad back, claustrophobia, broken leg, arthritis,
> obesity....you name it.  The only information you are getting, is that this
> person has got a doctor's note to fly business.
>
> cheers Stephanie
>
> PS apologies for getting all nerdy on this privacy issue, but it is an
> interesting question.  Transparency and fairness are extremely important
> values, so I am certainly pushing for disclosure here, for a change.
>
> On 2019-01-24 19:49, Xavier J. Calvez wrote:
>
> Michele,
>
> From a GDPR standpoint, yes, from a HIPAA standpoint, no because HIPAA
> compliance is not elective, even with the consent of the individuals.
>
> Re: consent from travelers: needs to be evaluated further, from
> operational perspective (how do we manage tracking who provided consent and
> who did not), from a legal/compliance perspective, etc...
>
> Some of you have suggested that consent on data disclosure should
> condition receiving travel funding, meaning that you can’t receive travel
> funding if you don’t consent to disclosure by ICANN of the costs incurred
> on your behalf. This approach could reduce the operational challenges of
> managing consent, but the legal aspect of it should still be evaluated.
>
>
>
> Thank you.
>
> Best,
>
> Xavier
>
>
>
> Xavier Calvez
>
> SVP & CFO
>
> 12025 Waterfront Drive
>
> Los Angeles, CA 90094
>
> Office: +1-310-301-5838
>
> Mobile: +1-805-312-0052
>
> Skype: Xavier.calvez.icann
>
>
> On Jan 24, 2019, at 2:49 PM, Michele Neylon - Blacknight <
> michele at blacknight.com> wrote:
>
> Xavier
>
>
>
> Surely if the funded travellers agree to their funding being disclosed
> then it’s a non-issue?
>
> I get funding for some activities and I have zero issues with the amounts
> spent be made public
>
>
>
> Regards
>
>
>
> Michele
>
>
>
>
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/ [blacknight.com]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.blacknight.com_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=Z9pdjWUkJ8oyFjjT9QliXNrim6mew2ZytFBmBVvVgDI&s=rpo8OW5yYk9TzHvHVvoNEWahf2LIw6lzxSd4uYCMXEk&e=>
>
> http://blacknight.blog/ [blacknight.blog]
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__blacknight.blog_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=Z9pdjWUkJ8oyFjjT9QliXNrim6mew2ZytFBmBVvVgDI&s=dyJSVINy_ySqr4Ibvn_8YyGEIenQJcfYBnzGQqKRx4I&e=>
>
> Intl. +353 (0) 59  9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/ [michele.blog]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__michele.blog_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=Z9pdjWUkJ8oyFjjT9QliXNrim6mew2ZytFBmBVvVgDI&s=BEXvaIeIMoXIwTNi8y7TT0K5ogFN3Bjq1EVR4nV06To&e=>
>
> Some thoughts: https://ceo.hosting/ [ceo.hosting]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__ceo.hosting_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=Z9pdjWUkJ8oyFjjT9QliXNrim6mew2ZytFBmBVvVgDI&s=9pUCDee736aM0YK6XhnGLs9bJkodNEOkEUclX7F0_NY&e=>
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>
>
>
>
>
> *From: *Gnso-sc-budget <gnso-sc-budget-bounces at icann.org> on behalf of "
> xavier.calvez at icann.org" <xavier.calvez at icann.org>
> *Date: *Wednesday 23 January 2019 at 16:33
> *To: *Ayden Férdeline <icann at ferdeline.com>, Stephanie Perrin <
> stephanie.perrin at mail.utoronto.ca>
> *Cc: *"gnso-sc-budget at icann.org" <gnso-sc-budget at icann.org>, Joseph de
> Jesus <joseph.dejesus at icann.org>
> *Subject: *Re: [Gnso-sc-budget] [v.0.5] latest version of our comment on
> FY20 budget
>
>
>
> Ayden et al,
>
> Let me chime in. You all have brought up this topic a few weeks back and I
> held back from commenting at that time.
>
> At a high level, the drivers to the change in disclosures are:
>
> (i)                  personal information privacy (GDPR), which we should
> evaluate whether explicit consent could be a solution to address, as
> several of you have mentioned.
>
> (ii)                Health information privacy. Stephanie raised this
> issue early on and correctly pointed out to HIPAA, which regulates fairly
> strictly how personal health information is used and disclosed in the US.
> When reviewing GDPR compliance, the issue of HIPAA compliance was also
> evaluated and we determined that disclosing travel expenses with the name
> of the traveler was leading to disclose indirectly the traveler’s medical
> condition (ie high flight expense = business class flight = exemption for
> medical purposes (only reason for an exemption) = medical condition / low
> flight expense = economy class flight = no exemption = no medical
> condition). As a result, we disclose now who the travelers are and what the
> costs are but do not match the travelers to the costs so as to not disclose
> who has a medical condition and who does not.
>
> This is an unfortunate limitation as everyone agreed that the disclosure
> was a useful and relevant transparency mechanism that helps accountability,
> which is why ICANN had started to disclose the information a long time ago.
>
> It is perfectly reasonable to reevaluate comprehensively what information
> can be disclosed for transparency and accountability purposes while
> maintaining privacy, whether required by law or otherwise, under the
> premise that ICANN should disclose as much information as is possible.
>
> I hope this helps.
>
>
>
> [adding Joseph De Jesus, ICANN Travel Services, to this conversation].
>
>
>
> Thank you.
>
>
>
> Best,
>
>
>
> Xavier
>
>
>
> Xavier Calvez
>
> ICANN – SVP & CFO
>
> 12025 Waterfront Drive, Suite 300
>
> Los Angeles, CA 90094
>
> Phone:   310-301-5838
>
> Mobile:  805-312-0052
>
> Fax:        310-957-2348
>
>
>
>
>
> *From: *Gnso-sc-budget <gnso-sc-budget-bounces at icann.org> on behalf of
> Ayden Férdeline <icann at ferdeline.com>
> *Reply-To: *Ayden Férdeline <icann at ferdeline.com>
> *Date: *Wednesday, January 23, 2019 at 3:53 PM
> *To: *Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
> *Cc: *"gnso-sc-budget at icann.org" <gnso-sc-budget at icann.org>
> *Subject: *Re: [Gnso-sc-budget] [v.0.5] latest version of our comment on
> FY20 budget
>
>
>
> Hi all,
>
>
>
> Thanks for the lively discussion.
>
>
>
> I remember that we had this conversation on our mailing list several
> months back, and at that time found guidance from a government body in the
> EU on how/why under data protection law one agency had justified publishing
> the expense reports of civil servants and elected members. I wonder whom we
> can direct this information to, internally within ICANN?
>
>
>
> I share the sentiment that these community travel reports should be
> published with the same detail as used to be the case, but am not sure we
> need to add this request to our comment on the FY20 budget. Is there a way
> we can escalate this request internally informally, or do we need to write
> a letter?
>
>
>
> Ayden
>
>
>
>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Wednesday, January 23, 2019 5:44 PM, Stephanie Perrin <
> stephanie.perrin at mail.utoronto.ca> wrote:
>
>
>
> On the travel issue, I totally agree.  While it is well known that some
> folks get more expensive travel for medical reasons, and there is certainly
> a concern about releasing information about medical conditions, I do think
> that a lump some and the destination and departure point is still valid.
> It is certainly released in most countries which have access to information
> and privacy legislation, even with details of items charged.
>
> Consent could be obtained, it is reasonable to ask for it and not too
> burdensome to block if people insist on their privacy.  However, I would
> caution that if only a few people refuse, we will still be able to sleuth
> them out because of the dates and amounts...which raises issues about
> having to black out a few others to avoid this.
>
> Stephanie Perirn
>
> On 2019-01-23 17:10, Michele Neylon - Blacknight wrote:
>
> Marilyn
>
>
>
> On travel support – I agree. There needs to be transparency. While I am a
> strong supporter of privacy and GDPR travel support is like a grant or
> bursary. It’s important to see who is getting what and what they are
> actually doing. Yes, some people do plenty of work and I have no issue with
> them getting financial assistance, but the disclosure helps to keep the
> system honest.
>
>
>
> Regards
>
>
>
> Michele
>
>
>
>
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/ [blacknight.com]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.blacknight.com_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=HdpI8YJsFWJlGtrrZ497yw8gZo939XMnVjySH5upcAA&s=RZJ0HeA1nRDvq4D6_AR0GBeJaRFOOJN3CHXhExVCl7k&e=>
>
> http://blacknight.blog/ [blacknight.blog]
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__blacknight.blog_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=HdpI8YJsFWJlGtrrZ497yw8gZo939XMnVjySH5upcAA&s=w90n2jWnURUy4RbSrzjjufNCGrqpbKFaOQ9VcBo-mCo&e=>
>
> Intl. +353 (0) 59  9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/ [michele.blog]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__michele.blog_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=HdpI8YJsFWJlGtrrZ497yw8gZo939XMnVjySH5upcAA&s=P8KAlH3h_DC523ZOXbENDK4pgnPud1b-Lf_Xv8cn51Q&e=>
>
> Some thoughts: https://ceo.hosting/ [ceo.hosting]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__ceo.hosting_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=IWWGaKyGUGcKQNGe7LtArAou7HP6fPR5aWjbPBUFZ3k&m=HdpI8YJsFWJlGtrrZ497yw8gZo939XMnVjySH5upcAA&s=ygrBTE9Y9r70TVXLSHo8yEWrA5wEJL7iWAMlhk9Wh1E&e=>
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>
>
>
>
>
> *From: *Gnso-sc-budget <gnso-sc-budget-bounces at icann.org>
> <gnso-sc-budget-bounces at icann.org> on behalf of Marilyn Cade
> <marilynscade at hotmail.com> <marilynscade at hotmail.com>
> *Date: *Tuesday 22 January 2019 at 06:33
> *To: *"gnso-sc-budget at icann.org" <gnso-sc-budget at icann.org>
> <gnso-sc-budget at icann.org> <gnso-sc-budget at icann.org>, Ayden Férdeline
> <icann at ferdeline.com> <icann at ferdeline.com>
> *Subject: *Re: [Gnso-sc-budget] [v.0.5] latest version of our comment on
> FY20 budget
>
>
>
> I have a couple of questions --
>
> First bullet under the chart -- and this may be my fault for not thinking
> of it earlier. Should this include also regular Board/Liaison travel to
> ICANN's 3 meetings, so there is a full view of Board/Liaison travel?
>
>
>
> Also, in a last few months, ICANN has stopped publishing travel amounts
> for travelers, noting GDRP as their excuse.  There has been a little
> chatter but not enough, in my view. If one accepts ICANN funding, then we
> should tick the box, so to speak, that one understands that name; group
> affiliated with;  travel location from, and amount of travel  and purpose
> will be posted in ICANN reports about said event.  Receiving ICANN funding
> is not a bad thing, as many volunteers do countless hours of work. But
> publishing details can help to advise on improvements in travel planning.
> And how those funded contribute to policy engagement -- in the GNSO but
> also elsewhere as well as to activity that ensure ICANN's successful
> delivery of its core mission.
>
>
>
> This may need referral to the constituencies/SGs,as it might exceed our
> group's mandate in some aspects.
>
> If we might be over exceeding the mandate of this group then perhaps some
> questions need to be referred back to the Constituencies/SGs into the
> overall Budget/Operating Plan comments. For instance, publishing all
> contracts over a certain amount and noting if they are competed and what
> the scope of responsibility of said contractor may be out of scope for the
> Council's comments but belong back at the broader Budget Working Group,
> where many of the SMEs to this group engage. Those related to policy
> support are relevant to this group's mandate, of course.
>
>
>
> I have forwarded a request to Jimson Olufuye, V..Chair of Finance and Ops
> for BC and Steve DelBianco, V.Chair, Policy Coordination regarding their
> view about the Document Drafting and Development Pilot.  I understand that
> we have a deadline on our response, but it would also be helpful to hear
> from the other participants in that pilot on whether it was useful, and if
> not, why not.
>
>
>
> I am so appreciative of the great work of this group and want to once
> again complement Ayden as Chair and Berry as staff, who have guided the
> work, and I believe we are also helping as the SMEs are then able to share
> Council's views back into their communities, as they fulfill their broader
> role in comments on Budget and Ops Plan.
>
>
>
>
> ------------------------------
>
>
>
> *From:* Gnso-sc-budget <gnso-sc-budget-bounces at icann.org>
> <gnso-sc-budget-bounces at icann.org> on behalf of Ayden Férdeline
> <icann at ferdeline.com> <icann at ferdeline.com>
> *Sent:* Monday, January 21, 2019 11:07 AM
> *To:* gnso-sc-budget at icann.org
> *Subject:* [Gnso-sc-budget] [v.0.5] latest version of our comment on FY20
> budget
>
>
>
> Hi all,
>
>
>
> Thank you for joining our call today. I have now updated our draft comment
> to reflect the discussion on our call as best as I could. Please find
> attached; and I apologize in advance if I have not accurately captured a
> change that you requested. We need to get a draft of our comment to the
> GNSO Council's mailing list by Thursday (and during the Council's meeting
> in Los Angeles on Thursday I would like to present our draft comment and
> walk the Council through it, if time permits), so can you please socialize
> the attached document with your SG/C and advise if you have any concerns,
> questions, or requested edits. It would be much appreciated if you could
> raise concerns within the next 24 hours so we have time to deliberate and
> discuss further on our list, if necessary. Thanks!
>
>
>
> Best wishes,
>
>
>
> Ayden
>
>
>
>
>
> _______________________________________________
>
> Gnso-sc-budget mailing list
>
> Gnso-sc-budget at icann.org
>
> https://mm.icann.org/mailman/listinfo/gnso-sc-budget
>
>
>
> _______________________________________________
> Gnso-sc-budget mailing list
> Gnso-sc-budget at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-sc-budget
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-sc-budget/attachments/20190126/526cdbb4/attachment-0001.html>

More information about the Gnso-sc-budget mailing list