<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>Since data privacy is an area of specialization for me, I would like to offer a couple of</div><div>comments on the dialogue about privacy laws.</div><div><br></div><div>Although WHOIS data contains personal data, it does not have any data elements that are</div><div>considered to be "sensitive" in nature. The focus and priority of data protection authorities throughout the world is on protection of sensitive data such as financial account details, date of birth, religious affiliations, medical conditions, etc.</div><div><br></div><div>For global, multi-national organizations who need to develop and maintain policies regarding the collection and use of personal data, there are multi-lateral privacy frameworks and principles that have been accepted and are well established including:</div><div><br></div><div>1) OECD Guidelines on the Protection of Privacy and Transborder Flows</div><div>2) UN Guidelines Concerning Computerized Personal Data Files</div><div>3) EU Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personsal Data and on the Free Movement of Such Data</div><div>4) APEC Privacy Framework</div><div><br></div><div>Since ICANN is headquartered in the State of California and the United States, I would note that California has an Office of Privacy Protection. At the national level, the U.S. Federal Trade Commission has been accepted as the equivalent of a Data Protection Authority.</div><div><br></div><div>Hope these brief comments are helpful.</div><div>Lynn</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></span></body></html>