<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Dear Lynn and All,<br>
I wanted to say how much I appreciate Lynn posting the key regional
data protection frameworks to the group. I think they are very
important, and she and I have discussed the need for us to look at
them more closely in relation to the Whois data. I hope we can do
this soon! <br>
<br>
Regarding sensitive vs private data, I wanted to add my views as an
attorney who specializes in the area of data protection and privacy
since starting my telecommunications practice in 1993. While
sensitive data may focus on the areas of financial, birth, religion,
health, and let's add political affiliation and sexual orientation,
that's not where the story ends.<br>
<br>
Data protection and privacy laws certainly consider home address,
home phone number, and now cell phone data as "private" or "personal
data." Certainly telecommunications laws in the US, as one example,
regularly protect the right of a person to "opt-out" of sharing
their home address or home phone number in a public directory as a
matter of personal privacy. In fact, opt-out in directories was
chosen by a majority of Californians when last I researched it (and
the state protects privacy as part of its state constitution)
because home addresses and home phone numbers are considered very
personal information, and worthy of protection. <br>
<br>
These are the very elements that have been such an issue of
controversy within the ICANN arena. Over the last decade, as part of
the history of Whois within ICANN, at least four Data Protection
Commissioners and their senior staffs have warned ICANN about the
problems of this data, and its data protection implications. They
are very concerned with the elements now collected and published in
the Whois. I will gather their letters to ICANN and share them, as
well as notes of the speeches they have given. I would like to
request that we ask ICANN Staff to work with us on this important
matter as well. <br>
<br>
Ultimately, I do not think this is a matter for us to decide on
(which may relieve everyone greatly). As many of you know, I have
been thinking about this issue a great deal. I will be submitting a
recommendation to our Team asking that GAC provide ICANN with clear
information about relevant applicable laws, including data
protection laws, and their guidance, based on these laws, as to the
elements of the Whois now published. I'll distribute this before our
meeting tomorrow.<br>
<br>
All the best,<br>
Kathy<br>
<br>
Since data privacy is an area of specialization for me, I would like
to offer a couple of
<blockquote
cite="mid:20110816163929.00ef555ff13978e3e1b8d2179880f99e.5a54ff5f88.wbe@email12.secureserver.net"
type="cite"><span style="font-family:Verdana; color:#000000;
font-size:10pt;">
<div>comments on the dialogue about privacy laws.</div>
<div><br>
</div>
<div>Although WHOIS data contains personal data, it does not
have any data elements that are</div>
<div>considered to be "sensitive" in nature. The focus and
priority of data protection authorities throughout the world
is on protection of sensitive data such as financial account
details, date of birth, religious affiliations, medical
conditions, etc.</div>
<div><br>
</div>
<div>For global, multi-national organizations who need to
develop and maintain policies regarding the collection and use
of personal data, there are multi-lateral privacy frameworks
and principles that have been accepted and are well
established including:</div>
<div><br>
</div>
<div>1) OECD Guidelines on the Protection of Privacy and
Transborder Flows</div>
<div>2) UN Guidelines Concerning Computerized Personal Data
Files</div>
<div>3) EU Directive 95/46/EC on the Protection of Individuals
with Regard to the Processing of Personsal Data and on the
Free Movement of Such Data</div>
<div>4) APEC Privacy Framework</div>
<div><br>
</div>
<div>Since ICANN is headquartered in the State of California and
the United States, I would note that California has an Office
of Privacy Protection. At the national level, the U.S.
Federal Trade Commission has been accepted as the equivalent
of a Data Protection Authority.</div>
<div><br>
</div>
<div>Hope these brief comments are helpful.</div>
<div>Lynn</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Rt4-whois mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Rt4-whois@icann.org">Rt4-whois@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/rt4-whois">https://mm.icann.org/mailman/listinfo/rt4-whois</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
</pre>
</body>
</html>