[RDS-WHOIS2-Safeguard] Work plan for Safeguard Registrant Data

Alan Greenberg alan.greenberg at mcgill.ca
Mon Mar 5 04:27:20 UTC 2018


In light of my message of 13 February and general agreement to accept 
this, I have revised the two work documents. Please review and let me 
know if there are any comments.

I believe that our next plenary meeting after ICANN61 is on Friday, 
23 March. Presuming this is not changed, please let me know of any 
need for changes prior to Wednesday, 23 March.

Alan

At 13/02/2018 10:56 PM, Alan Greenberg wrote:
>During the last plenary meeting, there was a discussion of one of 
>the items I lead - Safeguarding Registrant Data.
>
>Two issues were raised.
>
>1. Given the number of data breaches that we regularly hear about, 
>the question was raised about whether we should look into the 
>ICANN's Escrow facilities, most likely focusing on the main 
>provider, Iron Mountain. I think this is a valid point. I would 
>propose that we first talk to someone from the ICANN Global Domains 
>Division who is knowledgeable on the Escrow rules and procedures. 
>Presumably they can also provide some documentation. Following that, 
>we should interview someone from Iron Mountain so that we understand 
>how data is transferred to them, how it may be retrieved in 
>disaster-like circumstances, and how the data is protected. When 
>Iron Mountain started, I suspect the bulk of their business was 
>transporting and storing magnetic tapes. Now I presume it is all 
>online and potentially vulnerable.
>
>In addition to this, perhaps we might also want to talk to a 
>sampling of registrars and registries (if we can find any who are 
>willing!). Although WHOIS data is currently public, perhaps we want 
>to ask about how well it is protected from being changed or erased.
>
>2. Lisa (I think) raised the issue that the Terms Of Reference, as 
>decided in Brussels identifies several parts to this overall study:
>    (a) identifying the lifecycle of registrant data,
>    (b) determining if/how data is safeguarded in each phase of that 
> lifecycle,
>    (c) identifying high-priority gaps (if any) in safeguarding 
> registrant data, and
>    (d) recommending specific measurable steps (if any) the team 
> believes are important to fill gaps.
>
>In the work statement/plan, I wrote:
>
>Items a, c and d are being covered in both the ongoing NextGen RDS 
>PDP and efforts to address laws related to the European GDPR. I do 
>not believe that there is any merit in us replicating these.
>b) Currently all Whois data is made available publicly. Although 
>this will surely change with regard to natural persons, and likely 
>other groups as a result of the ongoing efforts, currently there is 
>no protection.
>
>On reviewing this, I still largely stand by what I wrote, although 
>subject to the additions in 1 above. Going into the details of the 
>lifecycle and the various stages (other than making sure data is not 
>lost or changed as per #1), does not sound like a productive way to 
>spend our time in light of the other work that is ongoing.
>
>Comments?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Subgroup 5 - Safeguard Registrant Data v4.docx
Type: application/msword
Size: 31314 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/rds-whois2-safeguard/attachments/20180304/11808d41/Subgroup5-SafeguardRegistrantDatav4-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Planning questions - Safeguarding Registrant Data-v2.pptx
Type: application/octet-stream
Size: 55876 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/rds-whois2-safeguard/attachments/20180304/11808d41/Planningquestions-SafeguardingRegistrantData-v2-0001.pptx>

