[gnso-rds-pdp-wg] Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Thu Feb 15 17:44:32 UTC 2018


I agree with Sara wholeheartedly.  I would like to propose a workshop at 
the Barcelona meeting to discuss accreditation requirements for 
cybersecurity and IP actors who want to retain access to personal data in 
a tiered access solution.  Release of data in such a system will require 
standards, and (as mentioned in Abu, on the public panel on GDPR, and 
in my own comments on the 3 models) I think we should get on with 
developing those standards, preferably ISO standards with possibility 
for independent audit.

Stephanie Perrin

On 2018-02-15 11:34, Sara Bockey wrote:
>
> Our job is now to cooperate in good faith to build a new universal 
> system that still fits most needs but also takes data protection as 
> its core principle.
>
> EXACTLY! And what’s lacking from most of our conversations are 
> SOLUTIONS.  We understand that many of you have come to rely on 
> various types of data from WHOIS.  We get it.  We’ve heard you.  What 
> we have NOT heard is “we understand the changing landscape, and while 
> we are concerned about losing X data, perhaps if we do Y, we can 
> improve RDS and still have access OR if we do Z, we can _________.”
>
> Given the number of really smart people on this list, I am frustrated 
> by the lack of innovative, forward thinking.  Change doesn’t have to 
> be scary.  Change can be better - an improvement.  We need to stop 
> with the myopia.  We need to stop looking backward.  We need to stop 
> demonizing. If you are not saying something NEW, something to move 
> this PDP _forward_, you are part of the problem.
>
> Sara
>
> sara bockey
> sr. policy manager | GoDaddy™
> sbockey at godaddy.com 480-366-3616
> skype: sbockey
>
> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf 
> of Volker Greimann <vgreimann at key-systems.net>
> Date: Thursday, February 15, 2018 at 4:30 AM
> To: Greg Shatan <gregshatanipc at gmail.com>
> Cc: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
> Subject: Re: [gnso-rds-pdp-wg] Equifax hack worse than previously 
> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>
> That would be problematic, as you should know, since there is no clear 
> cut line of what would constitute over-enforcement or 
> under-enforcement. Well, the latter will resolve itself due to the 
> incoming DPA actions.
>
> I also never heard of fees to be paid into a fund by those simply 
> trying to remain compliant with their applicable laws.
>
> Contracted parties have been stating for years, if not over a decade, 
> that publication of whois details in the current form and shape is 
> problematic from a data protection perspective. We have repeatedly 
> tried to drive home the point that the current system is not 
> sustainable. We were ignored or ridiculed, or asked to get sued to 
> prove our point. Now that we are forced to take action, everybody is 
> protesting as if this were something new. It is not. Now we have to do 
> a short-term fix, that will hurt more than it would have needed to if 
> everyone had cooperated in good faith to reform whois years ago. The 
> status quo will change.
>
> Our job is now to cooperate in good faith to build a new universal 
> system that still fits most needs but also takes data protection as 
> its core principle.
>
> Volker out!
>
> On 15.02.2018 at 05:14, Greg Shatan wrote:
>
>     In a similar vein, ICANN could establish an “Over-enforce the GDPR
>     Fund,” in which everyone who thinks the GDPR’s data blackout
>     should be extended to the data of non-EU and legal persons would
>     pay in, and it would be used to defray the expenses incurred by
>     those who should have access to information and instead must
>     expend additional time, money and effort, and often incur
>     additional harm, due to GDPR over-enforcement.
>
>     On Wed, Feb 14, 2018 at 5:03 AM Volker Greimann
>     <vgreimann at key-systems.net> wrote:
>
>         Maybe you are hitting on something here.
>
>         ICANN could just establish a "Leave-Whois-as-it-is" legal
>         defense fund. Everyone who argues that whois should remain as
>         it is has to pay into that fund and everyone who is fined by
>         data protection violations can take the fines and their legal
>         costs out of that fund. Of course, that would necessitate huge
>         investments to set up the fund from mainly volunteer
>         organizations that do not actually have the means to support it.
>
>         Best,
>
>         Volker
>
>         On 14.02.2018 at 02:21, Rubens Kuhl wrote:
>
>
>
>                 On 13 Feb 2018, at 20:32, John Horton
>                 <john.horton at legitscript.com> wrote:
>
>                 Thanks, Rubens -- I don't agree with that
>                 interpretation. (I think you mean the Q&A memo Section
>                 2, right?) See memo
>                 here<https://www.icann.org/en/system/files/files/gdpr-memorandum-part2-18dec17-en.pdf>.
>                 Let me know if you meant the first or a different one.
>
>             It's exactly that memo.
>
>             Since you don't agree, does that mean that your
>             organisation is willing to pay every GDPR fine contracted
>             parties get from following your interpretation? Because
>             if you are unwilling to do that, then your belief in that
>             interpretation is not rock solid.
>
>             What I can tell you is that this risk has been flagged by
>             that paper, by the eco model and by internal analysis of
>             some registries, all independently of each other; which
>             means you will likely see a good number of contracted
>             parties following exactly the path I outlined in order to
>             mitigate this risk.
>
>             If you see things differently, get European DPAs to put
>             that in writing, and we are all good to go.
>
>             Rubens
>
>
>
>             _______________________________________________
>             gnso-rds-pdp-wg mailing list
>             gnso-rds-pdp-wg at icann.org
>             https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg