[IRT.RegDataPolicy] [Ext] RE: IRT Task 168ReviewNon-exhaustivelist ofexamples of information/data/evidence that isnotcovered by theTDRP20210831

Roger D Carney rcarney at godaddy.com
Wed Oct 6 13:41:22 UTC 2021 

+1 Sarah, I agree on removing the first two sentences of E.c.

________________________________
From: IRT.RegDataPolicy <irt.regdatapolicy-bounces at icann.org> on behalf of Sarah Wyld via IRT.RegDataPolicy <irt.regdatapolicy at icann.org>
Sent: Wednesday, October 6, 2021 7:17 AM
To: Dennis Chang <dennis.chang at icann.org>; Dennis Chang via IRT.RegDataPolicy <irt.regdatapolicy at icann.org>
Subject: Re: [IRT.RegDataPolicy] [Ext] RE: IRT Task 168ReviewNon-exhaustivelist ofexamples of information/data/evidence that isnotcovered by theTDRP20210831

Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad at .



Hi Dennis and team,



I am in full agreement that the non-exhaustive list should not be discussed and should not be considered in relation to the IRT”s work at all. I would be very happy to move on from this discussion.



However, the Implementation Note E (c) contains this sentence: “For purposes of clarity, unless specifically addressed and modified by this Policy, all other data retention requirements and obligations within Registrar’s Registrar Accreditation Agreement remain applicable and in force.” This sentence will cause confusion to readers and does not provide any benefit; as you say, specific retention obligations are a matter to be worked out between registrars and ICANN (Compliance).



If we remove that sentence and the one following (“for example...”) then we’ve solved our problem and can move on from this with a clear retention requirement in our policy.



--

Sarah Wyld, CIPP/E



Policy & Privacy Manager

Pronouns: she/they



swyld at tucows.com<mailto:swyld at tucows.com>

+1.416 535 0123 Ext. 1392



[cid:image001.png at 01D698B1.25CB4480]



From: Dennis Chang<mailto:dennis.chang at icann.org>
Sent: October 5, 2021 5:46 PM
To: Sarah Wyld<mailto:swyld at tucows.com>; Dennis Chang via IRT.RegDataPolicy<mailto:irt.regdatapolicy at icann.org>
Subject: Re: [Ext] RE: [IRT.RegDataPolicy] IRT Task 168ReviewNon-exhaustivelist ofexamples of information/data/evidence that isnotcovered by theTDRP20210831



Hello Sarah and IRT,



We are currently planning our agendas for the next two meeting and will schedule this in for a discussion per Sarah’s request.



In the meanwhile, I’d like the IRT to re-consider the scope of this document again.  I believe this is Sarah’s request.

At a reminder, we had agreed that the Non-exhaustive List of information/data/evidence that is not covered by the TDRP was out-of-scope for the IRT.  If we determine that this is still out-of-scope then I don’t think it would be appropriate for an IRT discussion and I have a proposal for a discussion using another forum.



This not to say that retention that are not covered by the Registration Data Policy aren’t important.  Regardless of whether or not it is part of registration data, it is important to ensure that for any data that registrars are expected to retain, there is a stated purpose and processing of these data, if it concerns personal information.



In order to not hold up the phase 1 implementation work, and recognizing that these other retention requirements are part of other sections in the RAA that have not been specifically called out in the phase 1 recommendations, I propose having a separate conversation between registrars and ICANN org to work through these other retention requirements and hopefully come to a mutual understanding on what is necessary and must be retained, and what may no longer be necessary.



FYI.  The IPT is currently supporting multiple work items to bring to IRT for review.  This includes Rec 7 & Rec 12 Board/GNSO resolution, Data Processing Agreements draft for Section 5, and updates for technology agnostic policy (RDAP).



Thanks

Dennis Chang



From: Sarah Wyld <swyld at tucows.com>
Date: Monday, September 27, 2021 at 10:43
To: Dennis Chang <dennis.chang at icann.org>, "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy at icann.org>
Subject: RE: [Ext] RE: [IRT.RegDataPolicy] IRT Task 168 ReviewNon-exhaustivelist ofexamples of information/data/evidence that is notcovered by theTDRP20210831



Hello team,



I have reviewed the Non-exhaustive list of examples not covered by the TDRP [docs.google.com]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdocs.google.com%2Fdocument%2Fd%2F1x_DC_X3acfMuuwjiuCpxSihE_fR3Ok2KEZ3A2DzuVvg%2Fedit__%3B!!PtGJab4!sO8l7h-2YT0-IogGRxThWUKZgVt6501G3yDLVyK68ggebcyfYPc3twPtTEUwyNVEqTJo0Jmf%24&data=04%7C01%7Crcarney%40godaddy.com%7C54400a4374e34edd6af808d988c35a8f%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637691194887166496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=855m%2BS%2Bmtjtc%2FggTZ8ZVOHg01O1HRdJr%2B%2BGtpJsfPXk%3D&reserved=0> doc and left comments on each line item relating to the retention period.

Can this please be put on the agenda for our upcoming meeting?



Apologies if you get two versions of this message, having some email weirdness this afternoon.



Thanks.



--

Sarah Wyld, CIPP/E



Policy & Privacy Manager

Pronouns: she/they



swyld at tucows.com<mailto:swyld at tucows.com>

+1.416 535 0123 Ext. 1392



[cid:image001.png at 01D7B9F7.D5DD26A0]



From: Dennis Chang<mailto:dennis.chang at icann.org>
Sent: September 15, 2021 9:47 AM
To: Sarah Wyld<mailto:swyld at tucows.com>; Dennis Chang via IRT.RegDataPolicy<mailto:irt.regdatapolicy at icann.org>
Subject: Re: [Ext] RE: [IRT.RegDataPolicy] IRT Task 168 ReviewNon-exhaustivelist ofexamples of information/data/evidence that is notcovered by theTDRP20210831



Hi Sarah,



I am interested to hear your concern of course.

Let’s add this item as an AOB at the end of the meeting.



Thanks

Dennis Chang



From: Sarah Wyld <swyld at tucows.com>
Date: Wednesday, September 15, 2021 at 05:50
To: Dennis Chang <dennis.chang at icann.org>, "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy at icann.org>
Subject: RE: [Ext] RE: [IRT.RegDataPolicy] IRT Task 168 Review Non-exhaustivelist ofexamples of information/data/evidence that is not covered by theTDRP20210831



Hi Dennis,



Thanks for your thoughtful response.



With this info in mind, I think we need to put Implementation Note E on the agenda for an upcoming meeting. The Note refers to “other data retention requirements and obligations within Registrar’s Registrar Accreditation Agreement” and that will raise questions about what other requirements exist, which will bring us back to the list you made.



My concern is that I think the items on the list you provided ARE modified by the updated retention requirements. The Note suggests otherwise, so that needs to be addressed.



Thanks very much,



--

Sarah Wyld, CIPP/E



Policy & Privacy Manager

Pronouns: she/her



swyld at tucows.com<mailto:swyld at tucows.com>

+1.416 535 0123 Ext. 1392



[cid:image001.png at 01D7A9FD.872D6C40]



From: Dennis Chang<mailto:dennis.chang at icann.org>
Sent: September 14, 2021 7:24 PM
To: Sarah Wyld<mailto:swyld at tucows.com>; Dennis Chang via IRT.RegDataPolicy<mailto:irt.regdatapolicy at icann.org>
Subject: Re: [Ext] RE: [IRT.RegDataPolicy] IRT Task 168 Review Non-exhaustivelist ofexamples of information/data/evidence that is not covered by theTDRP20210831



Hi Sarah and Team,



Thanks indeed to the IRT for completing Section 13.  It’s nice to mark the status green (or some other color name that looks like green to me; FYI, Sam redressed the Status Maps since I am color challenged)  Thanks to the EPDP2 team as well for making the requirement clear for us to quickly get to an agreement.



As for the Non-exhaustive list document, I agree that this list is out-of-scope for the Registration Data Policy and the IRT should not spend time discussing it as it covers non-registration data retention requirements.



As a reminder, this document was created at the request of the IRT to identify examples of retention requirements that are not covered by the Registration Data Retention per the EPDP Phase 2 Priority 2 recommendation.  It served its purpose so IRT can consider the task 168 complete.



As for Sarah’s suggestion for “deleted entirely,”  I want to make it clear that the IRT process is transparent and our meeting records are published.  At our last meeting, I agreed not to post this document on the IRT wiki to support Sarah’s request so it will only be accessible to the IRT members.  Please note that for the purpose of clarity, we do have our Implementation Note E.c tagged with [P2P2R21 [docs.google.com]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdocs.google.com%2Fdocument%2Fd%2F1Sq9sLcR_DW0dEibGEg3segJyuXvVaQT_qMsP6Ef-ABQ%2Fedit__%3B!!PtGJab4!tyFZir75TPKKh_RnM4IIX5ML7diqmjZ5VIeixv8oQC1d3js2f0QoSSFJChGdgDiu6tMr1ixB%24&data=04%7C01%7Crcarney%40godaddy.com%7C54400a4374e34edd6af808d988c35a8f%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637691194887176492%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EwVYqfoUketvupHSB%2F5URvMFOoVgx5uJgS780QjYy4Q%3D&reserved=0>]



Thank you all for your continued support to the Registration Data Policy.

Dennis Chang



From: Sarah Wyld <swyld at tucows.com>
Date: Wednesday, September 1, 2021 at 12:45
To: Dennis Chang <dennis.chang at icann.org>, "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy at icann.org>
Subject: [Ext] RE: [IRT.RegDataPolicy] IRT Task 168 Review Non-exhaustive list ofexamples of information/data/evidence that is not covered by the TDRP20210831



Hi team,



I am pleased that we finished the Data Retention section of the OneDoc today!



I was OK not using meeting time to discuss the list of examples provided by Dennis/staff team only if that list is indeed not part of our Policy or published work output, which is what I understood during the call. In light of the fact that the Policy section on Data Retention is “clean” (we have now resolved the open comments/concerns), I don’t think there is any need or use for this list. The Policy language is itself clear.



That said, I do have significant concerns and disagreements with the contents of the list. If it will be used for any purpose after today, including being made available to anyone who thinks it’s part of our policy or accepted work output, then we do need to spend some time with it. I would suggest instead that the list be deleted entirely at this point, as it is irrelevant.

Thank you,



--

Sarah Wyld, CIPP/E



Policy & Privacy Manager

Pronouns: she/her



swyld at tucows.com<mailto:swyld at tucows.com>

+1.416 535 0123 Ext. 1392



[cid:image001.png at 01D7A984.F4952030]



From: Dennis Chang via IRT.RegDataPolicy<mailto:irt.regdatapolicy at icann.org>
Sent: August 25, 2021 1:40 PM
To: Dennis Chang via IRT.RegDataPolicy<mailto:irt.regdatapolicy at icann.org>
Subject: [IRT.RegDataPolicy] IRT Task 168 Review Non-exhaustive list ofexamples of information/data/evidence that is not covered by the TDRP20210831



Dear IRT,



To support our discussion on the Retention Requirement, provided here are some examples for retention.

168

Review Non-exhaustive list of examples of information/data/evidence that is not covered by the TDRP [docs.google.com]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdocs.google.com%2Fdocument%2Fd%2F1x_DC_X3acfMuuwjiuCpxSihE_fR3Ok2KEZ3A2DzuVvg%2Fedit__%3B!!PtGJab4!p3hP9JFqoSJiW_T_2yW7ghoFsvkQNU6e_q7fFugEzoFi8acfxaJ6r0RiAH_28AwnGok6RtlM%24&data=04%7C01%7Crcarney%40godaddy.com%7C54400a4374e34edd6af808d988c35a8f%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637691194887176492%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DHJv%2FE0bXa857eTyJ3yYPWlvG51t5XmWEG5K6ASbJnY%3D&reserved=0>

20210831

You are all welcomed to add to this list; let’s review together at our next meeting.



--

Kind Regards,

Dennis S. Chang

GDD Programs Director

Phone: +1 213 293 7889

Sykpe: dennisSchang

www.icann.org<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.icann.org%2F&data=04%7C01%7Crcarney%40godaddy.com%7C54400a4374e34edd6af808d988c35a8f%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637691194887186489%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=XeQROUDH%2Fonvlg05J1Fh2CUD5Jd8Ib7YOLgLpqzylbE%3D&reserved=0> One World – One Internet








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20211006/5afed309/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 66DD891F1CD140B8B082E775A55F2328[15000380631].png
Type: image/png
Size: 3031 bytes
Desc: 66DD891F1CD140B8B082E775A55F2328[15000380631].png
URL: <https://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20211006/5afed309/66DD891F1CD140B8B082E775A55F232815000380631-0001.png>

More information about the IRT.RegDataPolicy mailing list