[Gnso-epdp-team] FW: [RegDataPolicy.IPT] Status update on EPDP Rec. 15.1

Caitlin Tubergen caitlin.tubergen at icann.org
Sat Nov 2 17:14:50 UTC 2019 

Dear EPDP Team:

 

Please find below a message from Karen Lentz regarding ICANN org’s analysis in response to the EPDP Phase 1 Recommendation 15.1 on data retention.

 

Thank you.

 

Best regards,

 

Marika, Berry, and Caitlin

 

 

From: Karen Lentz <karen.lentz at icann.org>
Date: Friday, November 1, 2019 at 12:39 PM
To: Caitlin Tubergen <caitlin.tubergen at icann.org>, "regdatapolicy.ipt at icann.org" <regdatapolicy.ipt at icann.org>
Cc: "gnso-epdp-lead at icann.org" <gnso-epdp-lead at icann.org>
Subject: Re: [RegDataPolicy.IPT] Status update on EPDP Rec. 15.1

 

Dear colleagues,

 

Further to this note, attached is ICANN org’s analysis in response to the EPDP Ph 1 Recommendation 15.1 on data retention.  A summary of the key points is below:

 
ICANN org was asked to respond to the Phase 1 recommendation 15 to identify and document instances where ICANN org has a need for data beyond the life of a domain name registration, with the intent of informing the Phase 2 deliberations.   
In the interim, the EPDP Phase 1 team recommended that an 18-month data retention requirement be in place for registrars as part of the Phase 1 policy.
Implementation of the 18-month requirement is applicable to the provisions of the RAA Data Retention Specification on retention of registration data elements; other existing retention requirements (e.g., for records of communications) are not changed.
We have identified one instance where ICANN org would be requesting data from a registrar beyond the life of the registration.  This instance is contractual compliance functions, particularly around expiration and deletion of names.  ICANN org cannot investigate registrar compliance with relevant policy and contractual requirements this if data is not retained.
Contractual Compliance functions do not prescribe particular data retention periods and ICANN org will perform its compliance function to the extent possible within the applicable period.
The RAA Data Retention Specification is not primarily in place for ICANN org to use data retained by registrars, but rather to support other purposes such as registrant protection, technical issue resolution, security and stability, abuse mitigation, and others.
The EPDP’s recommendation 15.1 suggests that community members be invited to contribute to this exercise by providing input on other potential use cases for different retention periods.  The next step will be for the Phase 2 team to decide how it wants to seek such input on this topic.
 

Note that a related analysis in regard to Recommendation 15.4, a review of the Data Retention Waiver Procedure, is forthcoming.  This work is in progress and we hope to be able to provide it this week as well.

 

We hope the above is helpful; please let us know of any additional questions.

 

Best regards,

Karen

 

-- 

 

Karen Lentz

Director, Operations & Policy Research

 

ICANN

12025 Waterfront Drive, Suite 300

Los Angeles CA  90094

+1 310 895 3637

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20191102/e8cd309e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15.1 Data Retention_  Review of ICANN Org Processes-1nov19.pdf
Type: application/pdf
Size: 101618 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20191102/e8cd309e/15.1DataRetention_ReviewofICANNOrgProcesses-1nov19-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20191102/e8cd309e/smime-0001.p7s>

More information about the Gnso-epdp-team mailing list