Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AFRINIC-rpd] Regional Internet Registry Privacy - AFPUB-2012-GEN-002-draft-02

ALAIN AINA aalain at trstech.net
Sun Nov 25 22:05:42 UTC 2012 

SM,

Please, do not consider the previous mail.  I was a sent out error.


Thanks

--Alain (  who just discovered that it is time to go to bed after a long dnssec day in Khartoum)


On Nov 16, 2012, at 2:56 PM, sm+afrinic at elandsys.com wrote:

> Name: S. Moonesamy
> Email: sm+afrinic at elandsys.com
> Date: 16 November, 2012
> Reference: AFPUB-2012-GEN-002-draft-02
> 
> Title: Regional Internet Registry Privacy
> 
> Summary
> 
> Privacy is the ability of an individual to be left alone, out of public view,
> and in control of information about oneself.  This document specifies the
> privacy policy for the Regional Internet Registry handling Internet number
> resources in the AfriNIC service region.
> 
> 1. Introduction
> 
> Privacy is the ability of an individual to be left alone, out of public view,
> and in control of information about oneself.  AfriNIC, as a Regional Internet
> Registry, manages and administers Internet number resources for the AfriNIC
> service region.  It publishes information about Internet number resources on
> the Internet.  This document specifies the privacy policy for the Internet
> Registry.
> 
> Any restriction mentioned in this document is not applicable to data which
> is publicly available, e.g. data provided through a service accessible
> anonymously over the Internet.
> 
> 2. Personal Data
> 
> Personal Data shall mean any information relating to an identified or
> identifiable natural person ("data subject"); an identifiable person is one
> who can be identified directly or indirectly, in particular by reference to
> an identification number or one or more factors specific to his physical,
> physiological, mental, economic, cultural or social identity.
> 
> 3. Data Minimization
> 
> The principle of data minimization has been adopted to limit the collection
> and/or transfer of Personal Data to what is directly relevant and necessary
> for specified, explicit and legitimate purposes.  Information about whether
> any data is adequate, relevant and not excessive in relation to the purposes
> for which it is collected and/or transferred shall be made available to any
> person who is part of the Policy Development Working Group for the AfriNIC
> service region.
> 
> The Regional Internet Registry shall not collect under any circumstances
> Personal Data from an applicant of Internet number resources which can be
> used to identify more than a quarter of the users to which an applicant has
> allocated IP address space.  This is a maximum amount and not guidance about
> the amount of data considered as excessive.
> 
> 3.1. Data Retention
> 
> The retention period for Personal Data is six months.  Personal Data
> necessary for financial purposes; e.g. billing, can be retained for up to
> twelve months after the end of a Registration Service Agreement.
> 
> Personal Data published for Internet number resources allocations or
> assignments can be retained for the historical record if the data was
> publicly available for at least a month.
> 
> 3.2. Transfer of Personal Data
> 
> Personal Data cannot be transferred to another country unless there is a
> publicly available assessment of:
> 
> (a) the nature of the Personal Data
> 
> (b) the purpose and duration of the proposed processing of the
>     Personal Data
> 
> (c) the country of origin and country of final destination
> 
> (d) the rules of law in force in the country in question
> 
> (e) any relevant rules and security measures which are complied with
>     in that country
> 
> 4. Personal Data Transfer Register
> 
> A Personal Data Transfer Register will be maintained with the following
> information:
> 
>  (a) date of transfer of the Personal Data
> 
>  (b) nature of the Personal Data
> 
>  (c) purpose of the proposed processing of the Personal Data
> 
>  (d) country of origin and country of final destination
> 
> The Personal Data Transfer Register shall be published through a service
> accessible anonymously over the Internet.  Personal Data required for
> financial purposes is exempted from publication.
> 
> 5. Personal Data Leakage
> 
> In the event of Personal Data leakage, a notification shall be sent to the
> Resource Policy Discussion mailing list within a day of the detection of the
> leakage together with an explanation about the nature and extent of the
> leakage.
> 
> _______________________________________________
> rpd mailing list
> rpd at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/rpd

More information about the RPD mailing list