[gnso-rds-pdp-wg] Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Carlton Samuels carlton.samuels at gmail.com
Thu Feb 15 23:32:26 UTC 2018


+1

-Carlton


==============================
*Carlton A Samuels*

*Mobile: 876-818-1799*
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================

On Thu, Feb 15, 2018 at 12:44 PM, Stephanie Perrin <
stephanie.perrin at mail.utoronto.ca> wrote:

> I agree with Sara wholeheartedly.  I would like to propose a workshop at
> the Barcelona meeting to discuss accreditation requirements for
> cybersecurity and IP actors who want to retain access to personal data in a
> tiered access solution.  Release of data in such a system will require
> standards, and (as mentioned in Abu, on the public panel on GDPR, and in
> my own comments on the 3 models) I think we should get on with developing
> those standards, preferably ISO standards with possibility for independent
> audit.
>
> Stephanie Perrin
> On 2018-02-15 11:34, Sara Bockey wrote:
>
> Our job is now to cooperate in good faith to build a new universal system
> that still fits most needs but also takes data protection as its core
> principle.
>
>
>
> EXACTLY! And what’s lacking from most of our conversations are SOLUTIONS.
> We understand that many of you have come to rely on various types of data
> from WHOIS.  We get it.  We’ve heard you.  What we have NOT heard is “we
> understand the changing landscape, and while we are concerned about losing
> X data, perhaps if we do Y, we can improve RDS and still have access OR if
> we do Z, we can _________.”
>
>
>
> Given the number of really smart people on this list, I am frustrated by
> the lack of innovative, forward thinking.  Change doesn’t have to be
> scary.  Change can be better - an improvement.  We need to stop with the
> myopia.  We need to stop looking backward.  We need to stop demonizing.  If
> you are not saying something NEW, something to move this PDP *forward*,
> you are part of the problem.
>
>
>
> Sara
>
>
>
> *sara bockey*
>
> *sr. policy manager | **Go**Daddy™*
>
> *sbockey at godaddy.com  480-366-3616*
>
> *skype: sbockey*
>
>
>
>
>
>
>
>
> *From: *gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
> Volker Greimann <vgreimann at key-systems.net>
> *Date: *Thursday, February 15, 2018 at 4:30 AM
> *To: *Greg Shatan <gregshatanipc at gmail.com>
> *Cc: *"gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
> *Subject: *Re: [gnso-rds-pdp-wg] Equifax hack worse than previously
> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>
>
>
> That would be problematic, as you should know, since there is no clear cut
> line of what would constitute over-enforcement or under-enforcement. Well,
> the latter will resolve itself due to the incoming DPA actions.
>
> I also never heard of fees to be paid into a fund by those simply trying
> to remain compliant with their applicable laws.
>
> Contracted parties have been stating for years, if not over a decade, that
> publication of whois details in the current form and shape is problematic from
> a data protection perspective. We have repeatedly tried to drive home the
> point that the current system is not sustainable. We were ignored or
> ridiculed, or asked to get sued to prove our point. Now that we are forced
> to take action, everybody is protesting as if this were something new. It
> is not. Now we have to do a short-term fix, that will hurt more than it
> would have needed to if everyone had cooperated in good faith to reform
> whois years ago. The status quo will change.
>
> Our job is now to cooperate in good faith to build a new universal system
> that still fits most needs but also takes data protection as its core
> principle.
>
> Volker out!
>
>
>
>
>
> On 15.02.2018 at 05:14, Greg Shatan wrote:
>
> In a similar vein, ICANN could establish an “Over-enforce the GDPR Fund,”
> in which everyone who thinks the GDPR’s data blackout should be extended to
> the data of non-EU and legal persons would pay in, and it would be used to
> defray the expenses incurred by those who should have access to information
> and instead must expend additional time, money and effort, and often incur
> additional harm, due to GDPR over-enforcement.
>
>
>
> On Wed, Feb 14, 2018 at 5:03 AM Volker Greimann <vgreimann at key-systems.net>
> wrote:
>
> Maybe you are hitting on something here.
>
> ICANN could just establish a "Leave-Whois-as-it-is" legal defense fund.
> Everyone who argues that whois should remain as it is has to pay into that
> fund and everyone who is fined by data protection violations can take the
> fines and their legal costs out of that fund. Of course, that would
> necessitate huge investments to set up the fund from mainly volunteer
> organizations that do not actually have the means to support it.
>
> Best,
>
> Volker
>
>
>
> On 14.02.2018 at 02:21, Rubens Kuhl wrote:
>
>
>
>
>
> On 13 Feb 2018, at 20:32, John Horton <john.horton at legitscript.com> wrote:
>
>
>
> Thanks, Rubens -- I don't agree with that interpretation. (I think you
> mean the Q&A memo Section 2, right?) See memo here
> <https://www.icann.org/en/system/files/files/gdpr-memorandum-part2-18dec17-en.pdf>.
> Let me know if you meant the first or a different one.
>
>
>
>
>
> It's exactly that memo.
>
> Since you don't agree, does that mean that your organisation is willing to
> pay every GDPR fine contracted parties get from following your
> interpretation? Because if you are unwilling to do that, then your belief
> in that interpretation is not rock solid.
>
>
>
> What I can tell you is that this risk has been flagged by that paper, by
> the eco model and by internal analysis of some registries, all
> independently of each other; which means you will likely see a good number
> of contracted parties following exactly the path I outlined in order to
> mitigate this risk.
>
>
>
> If you see things differently, get European DPAs to put that in writing,
> and we are all good to go.
>
>
>
>
>
>
>
> Rubens
>
>
>
>
>
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>