Outline of Confidential information

Confidential information

1 Use-cases

1.1 Type 1

1.1.1 Sensitive, attributed

1.1.2 Distribution to sub-groups only

1.1.3 Governed/enforced by DSSA NDA (and project/use-specific NDAs if needed)

1.1.4 Highest standard of protection

1.2 Type 2

1.2.1 Sensitive, non-attributed

1.2.2 Distribution to sub-groups only

1.2.3 Transmitted through trusted 3rd party or summaries of Type 1 information developed by sub-group

1.2.4 Sub-group determines ultimate distribution (information provider has final say on "sanitized" versions of information they've submitted)

1.3 Type 3

1.3.1 Not sensitive, not attributed

1.3.2 Distributed to the DSSA and ultimately the public (via email list, wiki, report, etc.)

1.3.3 "Sanitized" information developed by sub-groups

1.3.4 Primarily Type 2 information that has been approved for release by the sub-group that developed it

1.4 Type 4

1.4.1 Not sensitive, attributed

1.4.2 Distributed to the public (via email list, wiki, report, etc.)

2 Open questions

2.1 Mechanisms needed

2.1.1 Tracking membership

2.1.1.1 In DSSA?

2.1.1.2 In sub-groups

2.2 Open questions

2.2.1 Code of conduct for group -- is the charter sufficient? Preliminary answer: charter is sufficient

2.2.2 Who is the trusted 3rd party for transmitting non-attributed information?

2.2.2.1 ICANN staff?

2.2.2.2 DSSA member?

2.2.2.2.1 (under special NDA?)

2.2.2.3 Contracted provider (lawyer, consultant)?

2.2.2.4 Anonymous system (NEISAS, remailer, drop-box, etc.)?

2.2.2.5 Preliminary answer: TBD

3 Dimensions

3.1 Sensitivity

3.1.1 Options

3.1.1.1 Sensitive

3.1.1.2 Not sensitive

3.1.2 Nature

3.1.2.1 Data (for analysis)

3.1.2.2 Internal processes

3.1.2.3 Trade secrets

3.1.3 Decision made by information-provider

3.1.4 May require compartmentalization across sub-groups

3.2 Attribution

3.2.1 Options

3.2.1.1 Attributed to source

3.2.1.2 Not attributed to source

3.2.2 Decision made by information-provider

3.2.3 Non-attributed info transmitted through trusted 3rd part or from sub-group "sanitizing"

3.3 Distribution

3.3.1 Options

3.3.1.1 Distribute to the public

3.3.1.2 Distribute to sub-groups

3.3.2 Sub-groups decide distribution for sensitive information (information-provider has final say)

4 Charter

4.1 Principles

4.1.1 Sub-working groups may need to access sensitive or proprietary information in order for the DSSA to do its work

4.1.2 These procedures are an exception to accountability and transparency standards

4.1.3 No formal NDA required for membership in the DSSA

4.2 Sub-working groups

4.2.1 Only required where members of sub-working groups need to access and protect confidential information

4.2.1.1 If needed: sub-WG members sign formal Affirmation of Confidentiality and Non-Disclosure agreement

4.2.1.2 If needed: project or issue-specific Non-Disclosure Agreement

4.2.1.3 If needed: separate private sub-working group email lists