Versions Compared

Old Version 32

changes.mady.by.user Alice Jansen

Saved on

compared with

New Version Current

changes.mady.by.user Alice Jansen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
(green star)Objective

Consistent with ICANN’s mission and Bylaws, Section 4.6(e)(ii), the review team will assess the extent to which the implementation of today’s WHOIS (the current gTLD RDS) safeguards registrant data by (a) identifying the lifecycle of registrant data, (b) determining if/how data is safeguarded in each phase of that lifecycle, (c) identifying high-priority gaps (if any) in safeguarding registrant data, and (d) recommending specific measureable steps (if any) the team believes are important to fill gaps. 

Background Documents

Further background documents may be found on the Review Team's overall Background Materials page.


(blue star) Leader/Rapporteur: Alan Greenberg

(blue star)Members: Alan Greenberg, Dmitry Belyavsky, Stephanie Perrin, Volker Greimann

(blue star)Mailing-list archives:  http://mm.icann.org/pipermail/rds-whois2-safeguard/

(blue star)Conference calls

(blue star)Review Team Templates: see here


Subgroup Documents

Date

Document (Versions in Red are latest)

File

Subgroup report

 

v9DOCX

 

v8DOCX

 

v7 (incl. FtoF #3 Agreements)DOCX

 

v6DOCX

 

v5DOCX

 

v4DOCX

 

v3DOCX

 

v2DOCX

 

v1DOCX
Face-to-Face Mtg #2 Slides - Findings

 

v2

PPTX

 

v1PPTX
Work plan (as per Alan's email)

 

v1EMAIL
Planning questions

 

v2PPTX

 

v1PPT
First Pass Document

 

v4DOCX

 

v3DOCX

 

v2

DOCX

 

v1DOCX

Open Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress Notes

Completed Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress NotesCompleted ResponseCompletion Date
10#37

 

Modify language to specify that level of data breach should be the subject of discussion with data security expert(s)

Alan

 


DOCX

 

9FtoF #3

 

Update Rec SG.1 to reflect agreements reached.Alan

 


DOCX

 

8#35

 

Subgroup 5 | Safeguarding Registrant Data - Alan to update the draft recommendation text that appears in brackets [ICANN should similarly consider whether contractual requirement are needed to require registrars, registries and escrow provides to notify registrants in the event of data breaches.] regarding breach notification to serve as the basis for discussion at the face-to-face meeting #3.Alan



7Email

 

Contract signed with escrow providers so that we may understand what processes, constraints or rules escrow providers are subject to regarding safeguarding data while under their custody and in relation to any data breaches that may be discovered. If the contracts are all substantially identical, then the standard boiler-plate contract will be sufficient.
If the contracts are significantly tailored, the we request copies of the actual contracts for Iron Mountain and one other provider. If that requires a non-disclosure agreement, we are willing to sign one.
ICANN org
TBD

Completed Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert



Email

 

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress NotesCompleted ResponseCompletion Date
6#27

 

Subgroup members to send a quick status update to the review teamSubgroupCLOSED

Plenary Call #28

 

CLOSED

5#26

 

Alan to confirm revisions made RT agreements. AlanCLOSED

Email

 

CLOSED

4#26

 

Stephanie to provide draft formulation to AlanCLOSEDStephanie

Report

 

CLOSED

3#26

 

Alan to refine question number 3.CLOSEDAlan

Report

 

CLOSED

2#26

 

Questions for ICANN org :

○       What are contractual requirements to secure stored escrow data

○       What are contractual requirements to notify ICANN in the event of breach

○       How do you secure registrant data under your control?

CLOSEDICANN org

Email

 

CLOSED

1#25

 

Alan plans to share his first draft of subgroup draft report with the subgroup/RT for review in parallel by the end of the weekend.Alan

Email

 

Decisions Reached

Source of requestDateDecision
FtoF #3

 

Update findings but retain recommendation for review by data security experts. Do not include a recommendation regarding registrant notification.