[gnso-rds-pdp-wg] Dangers of public whois

Holly Raiche h.raiche at internode.on.net
Fri Feb 10 22:14:50 UTC 2017 

I agree with both Jim’s and Mark’s thoughtful responses.

We do live in a world where the gathering of so much data that can be connected back to an individual through algorithms begs the question -  what is private/ personal information.

And I like Mark's questions - really a simply form of privacy principles.

Holly

On 11 Feb 2017, at 9:03 am, Mark Svancarek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:

> I'd say that good privacy practice would assume:
> 
> Only collect what you need (not something you "might" need)
> Only keep it as long as you need it, discard it as soon as its utility is expired
> Only use it for the reason you collected it, don't invent new reasons to use it post facto
> Restrict access on a need to know basis, which applies both to human access and machine access
> 
> And +1 on most data being "linkable" to other data available elsewhere, thus potentially becoming PII in aggregate.
> 
> -----Original Message-----
> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of James Galvin
> Sent: Thursday, February 9, 2017 2:16 PM
> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
> 
> I have to say that my beliefs about private data have been evolving for as long as this working group has existed.
> 
> One thing I believe now is that asking the question, “What is private/personal/PII data?” is not the best way to approach the problem.
> 
> In my opinion, in this world of “big data”, a case could be made that everything is personal information.  This includes the “thin data” we’ve been talking about.  The reality is that doing “reverse lookups” with one or more bits of information can be quite revealing, much more so for folks like Sean Spicer than others perhaps, but nonetheless true.
> 
> As Greg A. pointed out later in this thread, different people have different risk profiles and frankly there’s a limit to how much you can protect people from their own ignorance.
> 
> In my opinion, our focus should be on what information we need and why, i.e., what is the purpose of the registration data?  We should be taking a minimalist approach, to start, followed by extended discussion about what else we might collect and why?
> 
> Although we need to keep in mind access and visibility of information, as Chuck so often reminds us, that’s a separate discussion to be had “next”, in the not too distant future I hope.
> 
> Discussions about what is personal data and what is not are distracting. 
>  Let’s assume it all is and move forward from there.  Understanding the “why” collecting the data will quite naturally drive the discussion of whether or not it needs to be “public” or in some way be subject to “restricted access”.
> 
> Jim
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list