Hi SM,<br><br>I realise that you have had no official communication on your proposal from the pdwg.<br><br>Apologies for that, we are discussing the agenda for the Open Policy Hour at a meeting <br>of the pdwg co-chairs in the Gambia before the PPM. <br>
<br>Since your proposal was not sent in time to be put on the agenda for the PPM, would it be <br>ok if we put it in the Open Policy Hour with the other proposals that were made after the deadline?<br><br>Will you attend the meeting in the Gambia?<br>
<br>Best Regards,<br><br>McTim<br>PDWG co-chair<br><br><br><div class="gmail_quote">On Sat, May 5, 2012 at 3:02 PM, <span dir="ltr"><<a href="mailto:sm+afrinic@elandsys.com" target="_blank">sm+afrinic@elandsys.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Name: S. Moonesamy<br>
Email: <a href="mailto:sm%2Bafrinic@elandsys.com" target="_blank">sm+afrinic@elandsys.com</a><br>
Date: 5 May, 2012<br>
Version: 1<br>
<br>
Title: Regional Internet Registry Privacy<br>
<br>
Summary<br>
<br>
Privacy is the ability of an individual to be left alone, out of public view,<br>
and in control of information about oneself. This document specifies the<br>
privacy policy for the Regional Internet Registry handling Internet number<br>
resources in the AfriNIC service region.<br>
<br>
1. Introduction<br>
<br>
Privacy is the ability of an individual to be left alone, out of public view,<br>
and in control of information about oneself. AfriNIC, as a Regional Internet<br>
Registry, manages and administers Internet number resources for the AfriNIC<br>
service region. It publishes information about Internet number resources on the<br>
Internet. This document specifies the privacy policy for the Internet<br>
Registry.<br>
<br>
Any restriction mentioned in this document is not applicable to data which<br>
is publicly available, e.g. data provided through a service accessible<br>
anonymously over the Internet.<br>
<br>
2. Data Minimization<br>
<br>
The principle of data minimization has been adopted to limit the collection<br>
and/or transfer of Personal Identifiable Information (PII) to what is<br>
directly relevant and necessary for specified, explicit and legitimate<br>
purposes. Information about whether any data is adequate, relevant and<br>
not excessive in relation to the purposes for which it is collected and/or<br>
transferred shall be made available to any person who is part of the Policy<br>
Development Working Group for the AfriNIC service region.<br>
<br>
The Regional Internet Registry shall not collect under any circumstances<br>
Personal Identifiable Information from an applicant of Internet number<br>
resources which can be used to identify more than a quarter of the users<br>
to which an applicant has allocated IP address space. This is a maximum<br>
amount and not guidance about the amount of data considered as excessive.<br>
<br>
2.1. Data Retention<br>
<br>
The retention period for Personal Identifiable Information is three months.<br>
Personal Identifiable Information necessary for financial purposes; e.g.<br>
billing, can be retained for up to twelve months after the end of a<br>
Registration Service Agreement.<br>
<br>
Personal Identifiable Information published for Internet number resources<br>
allocations or assignments can be retained for the historical record if<br>
the data was publicly available for at least a month.<br>
<br>
2.2. Transfer of Personal Identifiable Information<br>
<br>
Personal Identifiable Information cannot be transferred to another country<br>
unless there is a publicly available assessment of:<br>
<br>
(a) the nature of the Personal Identifiable Information<br>
<br>
(b) the purpose and duration of the proposed processing of the<br>
Personal Identifiable Information<br>
<br>
(c) the country of origin and country of final destination<br>
<br>
(d) the rules of law in force in the country in question<br>
<br>
(e) any relevant rules and security measures which are complied with<br>
in that country<br>
<br>
3. Personal Identifiable Information Transfer Register<br>
<br>
A Personal Identifiable Information Transfer Register will be maintained<br>
with the following information:<br>
<br>
(a) date of transfer of the Personal Identifiable Information<br>
<br>
(b) nature of the Personal Identifiable Information<br>
<br>
(c) purpose of the proposed processing of the Personal Identifiable<br>
Information<br>
<br>
(d) country of origin and country of final destination<br>
<br>
The Personal Identifiable Information Transfer Register shall be published<br>
through a service accessible anonymously over the Internet. Personal<br>
Identifiable Information required for financial purposes is exempted from<br>
publication.<br>
<br>
4. Personal Identifiable Information Leakage<br>
<br>
In the event of Personal Identifiable Information leakage, a notification<br>
shall be sent to the Resource Policy Discussion mailing list within a day<br>
of the detection of the leakage together with an explanation about the<br>
nature and extent of the leakage.<br>
<br>
Regards,<br>
S. Moonesamy<br>
<br>
______________________________<u></u>_________________<br>
rpd mailing list<br>
<a href="mailto:rpd@afrinic.net" target="_blank">rpd@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo.cgi/rpd" target="_blank">https://lists.afrinic.net/<u></u>mailman/listinfo.cgi/rpd</a><br>
</blockquote></div><br><br>