Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] Regional Internet Registry Privacy

McTim dogwallah at gmail.com
Fri May 11 15:31:38 UTC 2012


Hi SM,

I realise that you have had no official communication on your proposal from
the pdwg.

Apologies for that, we are discussing the agenda for the Open Policy Hour
at a meeting
of the pdwg co-chairs in the Gambia before the PPM.

Since your proposal was not sent in time to be put on the agenda for the
PPM, would it be
ok if we put it in the Open Policy Hour with the other proposals that were
made after the deadline?

Will you attend the meeting in the Gambia?

Best Regards,

McTim
PDWG co-chair


On Sat, May 5, 2012 at 3:02 PM, <sm+afrinic at elandsys.com> wrote:

> Name: S. Moonesamy
> Email: sm+afrinic at elandsys.com
> Date: 5 May, 2012
> Version: 1
>
> Title: Regional Internet Registry Privacy
>
> Summary
>
> Privacy is the ability of an individual to be left alone, out of public
> view,
> and in control of information about oneself.  This document specifies the
> privacy policy for the Regional Internet Registry handling Internet number
> resources in the AfriNIC service region.
>
> 1. Introduction
>
> Privacy is the ability of an individual to be left alone, out of public
> view,
> and in control of information about oneself.  AfriNIC, as a Regional
> Internet
> Registry, manages and administers Internet number resources for the AfriNIC
> service region.  It publishes information about Internet number resources
> on the
> Internet.  This document specifies the privacy policy for the Internet
> Registry.
>
> Any restriction mentioned in this document is not applicable to data which
> is publicly available, e.g. data provided through a service accessible
> anonymously over the Internet.
>
> 2. Data Minimization
>
> The principle of data minimization has been adopted to limit the collection
> and/or transfer of Personal Identifiable Information (PII) to what is
> directly relevant and necessary for specified, explicit and legitimate
> purposes.  Information about whether any data is adequate, relevant and
> not excessive in relation to the purposes for which it is collected and/or
> transferred shall be made available to any person who is part of the Policy
> Development Working Group for the AfriNIC service region.
>
> The Regional Internet Registry shall not collect under any circumstances
> Personal Identifiable Information from an applicant of Internet number
> resources which can be used to identify more than a quarter of the users
> to which an applicant has allocated IP address space.  This is a maximum
> amount and not guidance about the amount of data considered as excessive.
>
> 2.1. Data Retention
>
> The retention period for Personal Identifiable Information is three months.
> Personal Identifiable Information necessary for financial purposes; e.g.
> billing, can be retained for up to twelve months after the end of a
> Registration Service Agreement.
>
> Personal Identifiable Information published for Internet number resources
> allocations or assignments can be retained for the historical record if
> the data was publicly available for at least a month.
>
> 2.2. Transfer of Personal Identifiable Information
>
> Personal Identifiable Information cannot be transferred to another country
> unless there is a publicly available assessment of:
>
>  (a) the nature of the Personal Identifiable Information
>
>  (b) the purpose and duration of the proposed processing of the
>     Personal Identifiable Information
>
>  (c) the country of origin and country of final destination
>
>  (d) the rules of law in force in the country in question
>
>  (e) any relevant rules and security measures which are complied with
>     in that country
>
> 3. Personal Identifiable Information Transfer Register
>
> A Personal Identifiable Information Transfer Register will be maintained
> with the following information:
>
>  (a) date of transfer of the Personal Identifiable Information
>
>  (b) nature of the Personal Identifiable Information
>
>  (c) purpose of the proposed processing of the Personal Identifiable
>      Information
>
>  (d) country of origin and country of final destination
>
> The Personal Identifiable Information Transfer Register shall be published
> through a service accessible anonymously over the Internet.  Personal
> Identifiable Information required for financial purposes is exempted from
> publication.
>
> 4. Personal Identifiable Information Leakage
>
> In the event of Personal Identifiable Information leakage, a notification
> shall be sent to the Resource Policy Discussion mailing list within a day
> of the detection of the leakage together with an explanation about the
> nature and extent of the leakage.
>
> Regards,
> S. Moonesamy
>
> ______________________________**_________________
> rpd mailing list
> rpd at afrinic.net
> https://lists.afrinic.net/**mailman/listinfo.cgi/rpd<https://lists.afrinic.net/mailman/listinfo.cgi/rpd>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20120511/6cb0328e/attachment.html>


More information about the RPD mailing list