[gnso-rds-pdp-wg] Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Tue Feb 13 17:40:25 UTC 2018

> On 13 Feb 2018, at 15:29, Chris Pelling <chris at netearth.net> wrote:
> 
> Sorry Greg,
> 
> Totally disagree based on the requirements of the RAA and data retention requirements.  Sending data to Icann for audits etc, to iron mountain for data escrow.
> 
> Way too much data in my opinion

During audits data is sent to auditors, not to ICANN. I wouldn't trust ICANN InfoSec with such data and I think most contracted parties wouldn't either.

As for data escrow, it only contains registration data; while some information there is sensitive (like physical address), registrants would rather keep their domains in case of a registrar or registry collapse. Different from WHOIS publication, when the possible legitimate uses under discussions are of 3rd parties, escrow is a legitimate interest of the registrant. While I would like to see DPAs signing on that thinking to be sure we are on the safe side, it's not a balance, it is in place towards registrant benefit. The only grey area here is "right to be forgotten" after a domain is deleted or transferred; will a registrant be able to ask for such data removal, or is a domain registry like a land registry where the ownership history belongs to society not to individual owners of that piece of land ?

Rubens

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180213/e3955ba7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180213/e3955ba7/signature.asc>