[NCUC-DISCUSS] [Privacy] this is a space for privacy work
Alex Gakuru
gakuru at gmail.com
Sun Apr 6 12:05:42 CEST 2014
Since 2010 it has bothered what the so called "background checks" are and
how they're conducted. Who undertakes them? Grounded on what law? What
mechanisms for correcting wrongly associated personal or other information?
Yet this has been/is basis of key decisions?
On Sun, Apr 6, 2014 at 9:53 AM, Maria Farrell <maria.farrell at gmail.com>wrote:
> Hi Rafik and Stephanie and everyone else,
>
> I see the risk but currently don't see this item as diverting too much
> energy from our substantive policy work. 1) It's a fairly well constrained
> little piece of work, 2) we're responding to a request / invitation to be
> helpful, and 3) the call for input has brought in a lot of new and
> enthusiastic volunteers from our group.
>
> My hope (both personally and also in capacity as NCSG PC chair) would be
> that we can get a nice, discrete (as in well-bounded and not too
> time-consuming) piece of work done, show our useful expertise more broadly,
> and then channel some of our new volunteers towards the GNSO policy work on
> whois. Let's use it as an onboarding - Stephanie's call for volunteers got
> more response than most of our policy requests. I would like to think of
> this item as a 'gateway drug' to other privacy issues in ICANN!
>
> Maria
>
>
> On 6 April 2014 07:44, Rafik Dammak <rafik.dammak at gmail.com> wrote:
>
>> Hi Stephanie,
>>
>> I am afraid that the focus on thing like ICANN collecting data about
>> volunteers and participants can divert the scarce resources we have ,
>> instead of working whois-related issues
>> more clarity about the strategy and scope would be helpful
>>
>> Best Regards,
>>
>> Rafik
>>
>>
>> 2014-04-06 15:41 GMT+09:00 Stephanie Perrin <
>> stephanie.perrin at mail.utoronto.ca>:
>>
>> I am afraid I don't understand the question Rafik..we offered to tell
>>> them what is wrong with their policy. Item one, is the scope is too
>>> narrow. A full policy covers everything. This is what the law would
>>> demand, if they were in a jurisdiction with law.
>>>
>>> On Apr 6, 2014, at 2:18 AM, Rafik Dammak <rafik.dammak at gmail.com> wrote:
>>>
>>> Hi Stephanie,
>>>
>>> I read the document but I am somehow puzzled by the scope:
>>> - are we talking about privacy within ICANN in regard to the policies
>>> development there like in the case of RAA, Whois, new directory services?
>>> then providing a privacy framework for ICANN policies, systematic
>>> assessment of policy impact on privacy and data protection etc
>>> - or it is just about ICANN collecting personal data from the community
>>> , staff etc
>>>
>>> the scope matters because the resources and the focus we can have at
>>> NCSG level. as you know we have already an existing group to discuss
>>> privacy within NCSG , with those involved in several working group around
>>> whois.
>>>
>>> Best Regards,
>>>
>>> Rafik
>>>
>>>
>>> 2014-04-02 20:07 GMT+09:00 Stephanie Perrin <
>>> stephanie.perrin at mail.utoronto.ca>:
>>>
>>>> Further to this note, there is an opening very draft preface to our
>>>> comments on the ICANN privacy policy, on the pad set up by Niels. I attach
>>>> the word version here, for anyone who is interested in this project. To
>>>> join the work group, contact Stefania
>>>> It is a conversation starter, no where near a final draft.
>>>>
>>>>
>>>> On Mar 30, 2014, at 2:45 PM, Stephanie Perrin <
>>>> stephanie.perrin at mail.utoronto.ca> wrote:
>>>>
>>>> Further to Robin's note, I am pasting in a thread that originated in
>>>>> NCUC following our meeting with the ICANN Board.
>>>>>
>>>>>
>>>> Numerous members of the NCUC have already volunteered to work on
>>>> developing a gap analysis of the existing ICANN privacy policies, with a
>>>> view to providing advice back to the Board as to what needs to be done to
>>>> bring ICANN privacy policies up to the expected levels. Please join in, as
>>>> you can see from Bruce Tonkin's note back to us, there is a rather poor web
>>>> policy, for which I promised to provide a critique. I attach a few other
>>>> jobs that need to be done rather soon, if anyone would like to volunteer.
>>>> Here is a snippet which I just sent out to the NCUC volunteers:
>>>>
>>>> OK, perhaps one group of folks would like to have a look at the policy
>>>> for new Gtlds, available here, and prepare a critique of what is missing
>>>> (gap analysis)
>>>>
>>>> gTLD Program is addressed in a separate personal data privacy statement
>>>> at http://newgtlds.icann.org/en/applicants/agb/program-privacy.
>>>> We could also use some help from someone on analysing the transparency
>>>> and accountability principles, where the disclosure stuff is apparently
>>>> buried. One of the major criticisms of these policies is that it is very
>>>> difficult for a user/participant at ICANN to find out what is happening to
>>>> their data.
>>>> Another task where I would love some help from an American Attorney,
>>>> is whether it is legally possible to declare a total disclaimer to breach
>>>> liability in the state of California, where there are data breach
>>>> disclosure rules. (see the following snippet of the policy which I am
>>>> dubbing a web policy):
>>>>
>>>> Due to the open communication nature of the Internet, ICANN cannot
>>>> represent, warrant or guarantee that communications stored on ICANN servers
>>>> will be free from unauthorized access by third parties, loss, misuse or
>>>> alterations. While ICANN will take reasonable and appropriate security
>>>> measures to protect against unauthorized access, disclosure, alteration or
>>>> destruction of personal information received, ICANN DISCLAIMS ANY AND ALL
>>>> LIABILITY FOR UNAUTHORIZED ACCESS OR USE OR COMPROMISE OF YOUR PERSONAL
>>>> INFORMATION. USERS ARE ADVISED THAT THEY SUBMIT SUCH PERSONAL INFORMATION
>>>> AT THEIR OWN RISK.
>>>> I have to say this is one of the paragraphs that really put me right
>>>> over the top....caps included.
>>>> Any volunteers for this task, I am working on the three pager and the
>>>> basic critique of the web policy.
>>>> cheers steph
>>>> PS I have still not found the alleged staff policy, if anyone knows
>>>> where it is please let me know
>>>>
>>>> Kind regards,
>>>> Stephanie Perrin
>>>>
>>>> On 26 Mar 2014, at 1:59 pm, Stephanie Perrin <
>>>>> stephanie.perrin at mail.utoronto.ca> wrote:
>>>>>
>>>>> I will certainly volunteer to provide the first draft of a commentary
>>>>> on the "privacy policy". I believe I am already on the hook for that, and
>>>>> if folks can self identify if they have an interest in this area, we can
>>>>> call it a group and I will send out the marked up copy. If people prefer
>>>>> to use a platform (e.g. googledocs) let us know.
>>>>> cheers Stephanie Perirn
>>>>> On Mar 26, 2014, at 1:43 AM, William Drake <william.drake at uzh.ch>
>>>>> wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> We have a number of folks who work on privacy policy. Would anyone be
>>>>> interested in organizing a group to provide an input to ICANN on its policy
>>>>> regarding the collection and use of personal data?
>>>>>
>>>>> Bill
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>> *From: *Bruce Tonkin <Bruce.Tonkin at melbourneit.com.au>
>>>>> *Subject: **RE: ICANN privacy policy*
>>>>> *Date: *March 25, 2014 at 5:15:07 PM GMT+8
>>>>> *To: *William Drake <william.drake at uzh.ch>
>>>>> *Cc: *Rafik Dammak <rafik.dammak at gmail.com>, "marie-laure Lemineur (
>>>>> mllemineur at gmail.com)" <mllemineur at gmail.com>, David Cake <
>>>>> dave at difference.com.au>, Maria Farrell <maria.farrell at gmail.com>, "
>>>>> magaly.pazello at gmail.com" <magaly.pazello at gmail.com>, "
>>>>> kdrstoll at gmail.com" <kdrstoll at gmail.com>, "Amr Elsadr (
>>>>> aelsadr at egyptig.org)" <aelsadr at egyptig.org>, Fadi Chehade <
>>>>> fadi.chehade at icann.org>, John Jeffrey <john.jeffrey at icann.org>
>>>>>
>>>>> Yes indeed - your addresses were just ones that I had to hand.
>>>>>
>>>>> Regards,
>>>>> Bruce Tonkin
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: William Drake [mailto:william.drake at uzh.ch<william.drake at uzh.ch>
>>>>> ]
>>>>> Sent: Tuesday, 25 March 2014 5:10 PM
>>>>> To: Bruce Tonkin
>>>>> Cc: Rafik Dammak; marie-laure Lemineur (mllemineur at gmail.com); David
>>>>> Cake; Maria Farrell; magaly.pazello at gmail.com; kdrstoll at gmail.com;
>>>>> Amr Elsadr (aelsadr at egyptig.org); Fadi Chehade; John Jeffrey
>>>>> Subject: Re: ICANN privacy policy
>>>>>
>>>>> Hi Bruce
>>>>>
>>>>> Thanks for this. I assume this is an open invitation that we can
>>>>> share with our privacy mavens who are not not on the Cc, correct?
>>>>>
>>>>> Best
>>>>>
>>>>> Bill
>>>>>
>>>>> On Mar 25, 2014, at 4:33 PM, Bruce Tonkin <
>>>>> Bruce.Tonkin at melbourneit.com.au> wrote:
>>>>>
>>>>> Hello All,
>>>>>
>>>>> Regarding the discussion of ICANN's use of private information in the
>>>>> NCSG meeting with the Board today.
>>>>>
>>>>> With respect to ICANN's policy for collection and use of personal
>>>>> data, we do have a published privacy policy.
>>>>>
>>>>> See: http://www.icann.org/en/help/privacy
>>>>>
>>>>> We would welcome a review of this policy to determine if it needs to
>>>>> be improved. IT was last updated in Oct 2012.
>>>>>
>>>>> Also with respect to staff/HR information etc - I will see what
>>>>> information is available on internal policies.
>>>>>
>>>>> Regards,
>>>>> Bruce Tonkin
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ncuc-discuss mailing list
>>>>> Ncuc-discuss at lists.ncuc.org
>>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ncuc-discuss mailing list
>>>>> Ncuc-discuss at lists.ncuc.org
>>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>>>
>>>>>
>>>>> On Mar 30, 2014, at 2:34 PM, Robin Gross <robin at ipjustice.org> wrote:
>>>>
>>>> This is an open, archived list for those wishing to develop privacy
>>>> policy.
>>>>
>>>> Make the most of it!
>>>>
>>>> _______________________________________________
>>>> Privacy mailing list
>>>> Privacy at ipjustice.org
>>>> http://mailman.ipjustice.org/listinfo/privacy
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Ncuc-discuss mailing list
>>>> Ncuc-discuss at lists.ncuc.org
>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>>
>>>>
>>>
>>>
>>
>> _______________________________________________
>> Ncuc-discuss mailing list
>> Ncuc-discuss at lists.ncuc.org
>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>
>>
>
> _______________________________________________
> Ncuc-discuss mailing list
> Ncuc-discuss at lists.ncuc.org
> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20140406/c249e9c4/attachment-0002.html>
More information about the Ncuc-discuss
mailing list