<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body dir="auto">

Thanks Heather <br>

<br>

<div dir="ltr">Sincerely,

<div>Kerry-Ann Barrett</div>

<div>Cybersecurity Policy Specialist</div>

<div>Organization of American States </div>

</div>

<div dir="ltr"><br>

<blockquote type="cite">On Jun 11, 2020, at 3:23 PM, Heather Flanagan <hlf@sphericalcowconsulting.com> wrote:<br>

<br>

</blockquote>

</div>

<blockquote type="cite">

<div dir="ltr">

<title></title>

<pre><div style="border:solid #9C6500 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt"><h1 style="line-height:12.0pt;background:#FFEB9C"><strong><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:red">CAUTION: EXTERNAL SENDER</span></strong><span style="font-size:12.0pt;color:black"><o:p></o:p></span></h1></div>

</pre>

<div name="messageBodySection">

<div dir="auto"><span style="font-family:Open Sans">Hello all,</span><br>

<br>

<span style="font-family:Open Sans">The sub team’s comments have been added to the Public Comment Feedback spreadsheet in tab 2 “Organized by section”.</span><br>

<br>

<a style="font-family:Open Sans" href="https://docs.google.com/spreadsheets/d/1DQpPA0aLDsW5IHLKgQqHtW-5860CKGCuTYIOeMPEaaw/edit#gid=925648260" target="_blank">https://docs.google.com/spreadsheets/d/1DQpPA0aLDsW5IHLKgQqHtW-5860CKGCuTYIOeMPEaaw/edit#gid=925648260</a></div>

</div>

<div name="messageSignatureSection"><br>

<div dir="auto"><span style="font-family:Open Sans">Heather Flanagan — Translator of Geek to Human</span><br>

<a style="font-family:Open Sans" href="https://sphericalcowconsulting.com" target="_blank">https://sphericalcowconsulting.com</a></div>

</div>

<div name="messageReplySection">On Jun 4, 2020, 10:24 PM -0700, Barrett, Kerry-Ann <KABarrett@oas.org>, wrote:<br>

<blockquote type="cite" style="border-left-color: grey; border-left-width: thin; border-left-style: solid; margin: 5px 5px;padding-left: 10px;">

<div class="WordSection1">

<p class="MsoNormal">Dear team,</p>

<p class="MsoNormal"> </p>

<p class="MsoNormal">Amendments and comments included in google docs here for review and discussion:</p>

<p class="MsoNormal"><a href="https://docs.google.com/document/d/1WTnaEk2pW0V85FRXk1uUN4O-co7DcDIXb_9_-1MCqts/edit">https://docs.google.com/document/d/1WTnaEk2pW0V85FRXk1uUN4O-co7DcDIXb_9_-1MCqts/edit#</a></p>

<p class="MsoNormal"> </p>

<p class="MsoNormal">Also see proposed response to public comments on action taken in red:</p>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="0" style="width:649.85pt;margin-left:-2.65pt;border-collapse:collapse">

<tbody>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">BC</span></p>

</td>

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-left:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29</span></p>

</td>

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-left:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Focus on Privacy and SSR Measurements and Improving Policies Based on Those Measurements</span></p>

</td>

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-left:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The BC concurs with this recommendation.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border:solid #CCCCCC 1.0pt;border-left:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Duly Noted</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">SSAC</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Focus on Privacy and SSR Measurements and Improving Policies Based on Those Measurements</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">(3.4.9) Why is the topic of “Privacy” in Workstream 4 a Future Challenge? This would conventionally be classified as a current topic.<br>

Does the SSR2 RT have evidence that ICANN org is not adequately focusing on Privacy and SSR Measurements already? The recommendation implies that the review has taken the position that the level of focus and attention is inadequate, but has not provided any

 material in the report that substantiates such a conclusion.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Duly noted. The observation was made in the context of while this is a current issue, as data privacy evolves there needs to be a dedicated focus on ensuring ICANN

 remains abreast of emerging challenges in data privacy including evolving compliance requirements.  The growth of data is exponential and increasing security vulnerabilities has led to data breaches.  The logic flows from the weaving together of security measures

 with managing risk factors such as data breaches.  In some organizations the role of a Chief Data Officer has worked alongside the Chief Information Security Officer which has been mentioned in the SSR2 Recommendation 6.</span>

<span style="font-size:10.0pt;font-family:"Arial",sans-serif"></span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">SSAC</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Focus on Privacy and SSR Measurements and Improving Policies Based on Those Measurements</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">(3.4.10) The report notes in the section relating to Rationale and Findings on Privacy, that “ICANN org, in having a privacy policy that covers registration information and having

 Bylaws that requires it enforce its own policies, is in conflict with their statement that ICANN org is not responsible for data protection and privacy.” This is an unusual 17 interpretation of the ICANN statement, in that the disclaimer is about the general

 state of privacy on the Internet while the org does have a privacy policy relating to data gathered by the org.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Noted and language amended to reflect accuracy in the interpretation of the  relevant references.</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">RySG</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Focus on Privacy and SSR Measurements and Improving Policies Based on Those Measurements</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">While the RySG supports ICANN tracking new technology and evolving privacy laws and regulations as part of its overall risk management management, the RySG believes that much

 of this recommendation is out of scope for SSR2. Specifically, we oppose the creation of specialized compliance officers to micromanage contracted party operations. Registries and registrars are responsible for complying with all local laws - ICANN’s compliance

 team doesn’t need to duplicate the function of local law enforcement. The RySG also notes its support for recommendation 31.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">SSR2 recognizes the close inter-relationship between security and privacy which is why it was identified as a key component that data privacy not be micro managed but

 managed in order to ensure compliance is ensured whenever there are related regulations and data breaches minimized in collaboration with ICANN org security team. </span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">IPC</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The IPC is supportive of this recommendation, while noting that the following recommendation is unclear and potentially subject to unintended interpretation in implementation:

 ‘ICANN org’s DPO should also be responsible for external DNS PII’.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Noted and clarification provided as the intent is to ensure that ICANN org is being proactive in identifying and complying with all the laws and regulations that govern

 data capture, use, retention, security, and disposal</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif"></span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">SSAC</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.1</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN org should monitor and regularly report on the privacy impact of technologies like DoT (DNS over TLS) and DoH (DNS over HTTPS).</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">(3.4.11) In terms of using the SMART criteria for the report’s recommendations it is not clear how this particular recommendation is directly relevant to ICANN. The manner of

 DNS name resolution between stub and recursive name resolvers on the Internet, and the protocols used to perform such resolution appears to fall outside the scope of ICANN’s activities and authority. Because of this question of direct relevance to ICANN’s

 scope and mission, this action may be more appropriately included as part of the report’s set of “suggestions,” and listed on the basis of the broader topic of potential actions by ICANN org that would provide value to the community through the provision of

 assessments of aspects of the larger environment of the domain name space and its evolving use.<br>

The SSAC is aware of current activity within both ICANN org and the ICANN community in this space already, including a recently published SSAC study on the implications of DNS over HTTPS and DNS over TLS, and there is some lack of clarity 18 as to how this

 recommendation differs from current practice.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">This suggestion is supported as SSAC sees value but noted it misplacement.  SSR2 RT has taken this onboard for evaluation.</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN Board</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.1</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN org should monitor and regularly report on the privacy impact of technologies like DoT (DNS over TLS) and DoH (DNS over HTTPS).</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">If the SSR2 RT believes additional monitoring and reporting of areas that are within ICANN org’s remit are needed, the Board would encourage the SSR2 RT to provide clear statements

 of what issues or risks exist from the current operational model, how the SSR2 RT recommendation will address them, and what relevant metrics could be applied to assess implementation.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">SSR2 RT notes this and the intent of the recommendation was to ensure that privacy concerns were specifically addressed.</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">RrSG</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.1</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN org should monitor and regularly report on the privacy impact of technologies like DoT (DNS over TLS) and DoH (DNS over HTTPS).</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">For recommendation 29.1, this appears to be outside of ICANN's remit.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">SSR2 RT has noted this comment and has it under evaluation.</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif"></span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">SSAC</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.2</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN org’s consensus policies and agreements with registry operators and registrars should, therefore, have clauses to reflect compliance with these while ensuring that the

 DNS is not fragmented because of the need to maintain/implement minimum requirements governing the collection, retention, escrow, transfer, and display of registration data, which includes contact information of the registrant, administrative, and technical

 contacts as well as technical information associated with a domain name.</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">(3.4.12) The introduction of the concept of DNS “fragmentation” makes no clear sense in this context. The recommendation should phrase the concern in a different way that avoids

 the particular term “fragmentation”, or explain the concept of “fragmentation” in detail.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Amended to provide clarity.</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">RrSG</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.2</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN org’s consensus policies and agreements with registry operators and registrars should, therefore, have clauses to reflect compliance with these while ensuring that the

 DNS is not fragmented because of the need to maintain/implement minimum requirements governing the collection, retention, escrow, transfer, and display of registration data, which includes contact information of the registrant, administrative, and technical

 contacts as well as technical information associated with a domain name.</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The RrSG needs additional information about recommendation 29.2, as it is not clear what problem or concern this addressing- those obligations already exist.</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Amended to provide clarity.</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN Org</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.2</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">SSR2 Recommendation 29.2: “with these”</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Requests for clarification of terms</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">Amended to provide clarity.</span></p>

</td>

</tr>

<tr style="height:15.75pt">

<td valign="bottom" style="border:solid #CCCCCC 1.0pt;border-top:none;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN Board</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal" align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">29.4</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ICANN org’s DPO should also be responsible for external DNS PII. The DPO should provide guidance to managers and stakeholders regarding responsibilities and procedures and monitor

 and report on relevant technical developments.</span></p>

</td>

<td valign="bottom" style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It is unclear to the Board what it means for ICANN to “be responsible for external DNS PII.”</span></p>

</td>

<td width="110" valign="bottom" style="width:12.5pt;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:1.5pt 2.25pt 1.5pt 2.25pt;height:15.75pt">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:red">SSR2 RT notes this and recommended for deletion.</span></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal"> </p>

<p class="MsoNormal"> </p>

<p class="MsoNormal"> </p>

<p class="MsoNormal"> </p>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="0" style="width:7.5in;margin-left:4.2pt">

<tbody>

<tr>

<td width="117" valign="top" style="width:82.5pt;padding:4.2pt 4.2pt 4.2pt 4.2pt">

<p class="MsoNormal"><a href="http://www.oas.org/"><span style="color:blue;text-decoration:none"><img border="0" width="106" height="137" id="_x0000_i1028" src="http://www.oas.org/en/sms/signature_images/oas.png" alt="OAS.org" data-unique-identifier=""></span></a><span style="font-size:12.0pt;color:#1F497D"></span></p>

</td>

<td width="12" valign="top" style="width:7.5pt;padding:4.2pt 4.2pt 4.2pt 4.2pt">

<p class="MsoNormal"><span style="color:#1F497D"><img border="0" width="1" height="130" id="_x0000_i1027" src="http://www.oas.org/en/sms/signature_images/vbar.png" alt="http://www.oas.org/en/sms/signature_images/vbar.png" data-unique-identifier=""></span><span style="color:#1F497D"></span></p>

</td>

<td width="591" valign="top" style="width:6.25in;padding:4.2pt 4.2pt 4.2pt 4.2pt">

<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#1B4CA0">Sincerely</span></b></p>

<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#1B4CA0">Kerry-Ann Barrett</span></b>

<span style="color:#1F497D"><br>

</span><span style="font-size:10.0pt;color:#686361">Cybersecurity Program Officer<br>

Secretariat of the Inter-American Committee against Terrorism (CICTE)<br>

Secretariat for Multidimensional Security (SMS)<br>

</span><b><span style="font-size:10.0pt;color:#F37B3C">Organization of American States</span></b><span style="color:#1F497D"><br>

</span><span style="font-size:10.0pt;color:#686361">1889 F Street NW Washington D.C. 20006<br>

</span><span style="font-size:10.0pt;color:#686361"><img border="0" width="10" height="10" id="_x0000_i1026" src="http://www.oas.org/en/sms/signature_images/phone.png" alt="http://www.oas.org/en/sms/signature_images/phone.png" data-unique-identifier=""></span><span style="font-size:10.0pt;color:#686361"> 

 (202) 370 4675 -</span> <span style="font-size:10.0pt;color:#686361"><img border="0" width="10" height="10" id="_x0000_i1025" src="http://www.oas.org/en/sms/signature_images/fax.png" alt="http://www.oas.org/en/sms/signature_images/fax.png" data-unique-identifier=""></span><span style="font-size:10.0pt;color:#686361"> (202)

 458 3857 </span> <span style="color:#1F497D"><br>

</span><span style="font-size:10.0pt;color:#1F497D"><a href="http://www.oas.org/cyber"><span style="color:blue">www.oas.org/cyber</span></a></span><span style="color:#1F497D"><br>

</span><span style="color:#0070C0"><a href="https://twitter.com/KerryOAS"><span style="color:blue">@KerryOAS</span></a>|</span>

<span style="color:navy"><a href="https://twitter.com/OEA_Cyber"><span style="color:blue">@OEA_Cyber</span></a></span><u><span style="color:blue"></span></u></p>

<p class="MsoNormal"><span style="color:navy"> </span></p>

<p class="MsoNormal"><b><u><span style="color:black"><a href="http://oas.us11.list-manage.com/subscribe?u=353ff0663258ae5a775d460db&id=10adfc04db"><span style="color:blue">Register to our distribution list here!</span></a></span></u></b></p>

<p class="MsoNormal"><span style="color:black"> </span></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal"> </p>

<p class="MsoNormal"> </p>

</div>

_______________________________________________<br>

Ssr2-review mailing list<br>

Ssr2-review@icann.org<br>

https://mm.icann.org/mailman/listinfo/ssr2-review<br>

<br>

_______________________________________________<br>

By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos).

 You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<br>

</blockquote>

</div>

</div>

</blockquote>

</body>

</html>