[gnso-rds-pdp-wg] Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Chris Pelling chris at netearth.net
Tue Feb 13 19:11:38 UTC 2018 

Hi Rubens, 

My understanding from doing these audit twice is that hte data is sent to an ICANN managed and controlled system, this is then sent onto the auditor KPMG in these cases. That or KPMG has access to the data on the ICANN system. 

Kind regards, 

Chris 


From: "Rubens Kuhl" <rubensk at nic.br> 
To: "Chris Pelling" <chris at netearth.net> 
Cc: "John Bambenek" <jcb at bambenekconsulting.com>, "gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>, "Greg Aaron" <gca at icginc.com> 
Sent: Tuesday, 13 February, 2018 17:40:25 
Subject: Re: [gnso-rds-pdp-wg] Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc 






On 13 Feb 2018, at 15:29, Chris Pelling < chris at netearth.net > wrote: 

Sorry Greg, 

Totally disagree based on the requirements of the RAA and data retention requirements. Sending data to Icann for audits etc, to iron mountain for data escrow. 

Way too much data in my opinion 





During audits data is sent to auditors, not to ICANN. I wouldn't trust ICANN InfoSec with such data and I think most contracted parties wouldn't either. 

As for data escrow, it only contains registration data; while some information there is sensitive (like physical address), registrants would rather keep their domains in case of a registrar or registry collapse. Different from WHOIS publication, when the possible legitimate uses under discussions are of 3rd parties, escrow is a legitimate interest of the registrant. While I would like to see DPAs signing on that thinking to be sure we are on the safe side, it's not a balance, it is in place towards registrant benefit. The only grey area here is "right to be forgotten" after a domain is deleted or transferred; will a registrant be able to ask for such data removal, or is a domain registry like a land registry where the ownership history belongs to society not to individual owners of that piece of land ? 



Rubens 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180213/8a1c565c/attachment.html>

More information about the gnso-rds-pdp-wg mailing list