Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] Regional Internet Registry Privacy

Douglas Onyango ondouglas at gmail.com
Mon May 7 12:33:54 UTC 2012 

SM,
My initial thoughts:

On 5 May 2012 22:02,  <sm+afrinic at elandsys.com> wrote:
> Privacy is the ability of an individual to be left alone, out of public
> view, and in control of information about oneself.

I have an issue with  "be left alone" I think it reflects a very
"un-serious" and informal image, which I think isn't ideal for a
policy. I am offering the following text to help build the new
definition.


"Privacy is the ability of an individual or organization to seclude
their personally sensitive information from  public view, and the
discretion to use and control the same information as they see fit."

>Information about whether any data is adequate, relevant and
> not excessive in relation to the purposes for which it is collected and/or
> transferred shall be made available to any person who is part of the Policy
> Development Working Group for the AfriNIC service region.

What is the rationale for this? specifically why the PDPWG? I thought
the person who would be most in need of this info would be the
"information owner"

> The retention period for Personal Identifiable Information is three months.
> Personal Identifiable Information necessary for financial purposes; e.g.
> billing, can be retained for up to twelve months after the end of a
> Registration Service Agreement.

How did you arrive at 3 and 12 months? Did you factor in the
legal/regulatory obligations of AfriNIC (Ltd) in the country of
registration?
> 4. Personal Identifiable Information Leakage
> In the event of Personal Identifiable Information leakage, a notification
> shall be sent to the Resource Policy Discussion mailing list within a day
> of the detection of the leakage together with an explanation about the
> nature and extent of the leakage.

Why the RPD-ML? I think the people who need to know more about a leak
are the information owners, e.g LIR and end-user carryout that
transactions that require PII to be disclosed.


Regards,
-- 
Douglas Onyango | +256(0712)981329 | Twitter: @ondouglas
Life is the educator's practical joke in which you spend the first
half learning, and the second half learning that everything you
learned in the first was a joke.

More information about the RPD mailing list