[gnso-rds-pdp-wg] Next week's meeting

Holly Raiche h.raiche at internode.on.net
Mon Apr 25 06:40:04 UTC 2016 

Hi Greg

Responses interspersed

Thanks

Holly

On 25 Apr 2016, at 2:38 am, Greg Aaron <gca at icginc.com> wrote:

> Dear Holly:
>  
> As a co-author of SAC054, I note the following.  You said that SAC054 identifies “not only the data elements collected, but the purpose for which they are collected, and identify whether the collection is optional or mandatory.” 
>  
> 1. SAC054 does not list all of the data elements that are collected.  It lists what is usually displayed in gTLD WHOIS.  Registrars collect some data that is not displayed in WHOIS, and that data is not listed in SAC054.  For example: account holder data (which may be different from Registrant data), and the IP addresses of these making domain transactions.
I”m sure you are right - this is the list that Jim Galvin and others came up with - anything you can add will really help us all - so please, add to the list.
>  
> 2.  SAC054 does not list all the purposes for which data is collected.  SAC054 focuses narrowly on data elements used to manage the domain lifecycle and operations.  In other words, some operational purposes, and there may be other purposes.
True enough - if there are other data elements that are not included, then obviously, not all the purposes are listed as well.  What it does do is break down the data elements into why the elements are collected to carry on functions as registry/registrar.  What data protection laws ask is that when data is collected, only that data that is necessary to carry out the functions of registrar/registry be collected. So if there are other purposes, then we need to know them - and they must be related to the functions of registry/registrar.  So again - please, what are the other purposes you are talking about
>  
> 3.  SAC054 does not identify whether the collection of a given piece of data is optional or mandatory. 
>                SAC054 says: "This document contains an enumeration of commonly used data elements. It is not a list or recommendation of which elements are or should be mandatory versus optional.  Some technical specifications (notably the Extensible Provisioning Protocol (EPP) RFCs) denote certain data elements as mandatory to collect, and ICANN gTLD contracts make certain fields mandatory to display in directory services.”
In my email,.I listed two documents: the SAC054 and the EWG Report - it is the latter that has the chart for mandatory/optional.  But again, any information you can add would be very useful

So please - any additional information you can add will assist the work on this group
>  
> With best wishes,
> --Greg
>  
> **********************************
> Greg Aaron
> Vice-President, Product Management
> iThreat Cyber Group / Cybertoolbelt.com
> mobile: +1.215.858.2257
> **********************************
> The information contained in this message is privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
>  
> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Holly Raiche
> Sent: Sunday, April 24, 2016 1:59 AM
> To: Marika Konings <marika.konings at icann.org>
> Cc: gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] Next week's meeting
>  
> Dear All
>  
> While I am apology for the next meeting, and not part of either the Privacy or Purpose sub-teams, may I suggest two documents particularly that have been identified and summarised by the data sub team: the SAC54 document which identifies the data elements collected, and  the EWG Recommendations. (in our list of documents, items 6 and 27) They are particularly relevant as they identify not only the data elements collected, but the purpose for which they are collected, and identify whether the collection is optional or mandatory.  This will be particularly useful for the other groups since the underlying principle of data collection in that data should only be collected that that is needed to carry out the functions of the enterprise, and that the data that is collected should only be used and accessed for the identified purposes. 
>  
> While I will not be on the next call, Jim Galvin may be on the call, and he was one of the authors of SAC054 and can speak to it.
>  
> I hope that helps the discussion at the next meeting.
>  
> Holly
>  
>  
> On 22 Apr 2016, at 3:57 am, Marika Konings <marika.konings at icann.org> wrote:
> 
> 
> Dear All,
>  
> Not having heard any objections, we’ll go ahead and re-organise next week’s meeting as follows:
> 15.30 – 16.15 UTC Data Sub-Team 
> 16.15 – 17.00 UTC Privacy Sub-Team 
> 17.00 – 17.45 UTC Purpose Sub-Team 
>  
> Note that this will be scheduled as one call (same dial in number and AC room) to facilitate participation for those that are involved in multiple sub-teams, but there is no obligation for WG members to attend all three sub-team meetings, unless you would like to. However, if you are not a member of a sub-team but would like to join, you are encouraged to participate as an observer to allow ample opportunity for the sub-team to progress in its work. 
>  
> Call details will be sent out in a separate email. Please ignore the notice that went out earlier today for the ‘normal’ WG meeting.
>  
> Thanks,
>  
> Marika

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160425/58fddf55/attachment.html>

More information about the gnso-rds-pdp-wg mailing list