You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 44 Next »

(green star)Objective

Consistent with ICANN’s mission and Bylaws, Section 4.6(e)(ii), the review team will assess the extent to which the implementation of today’s WHOIS (the current gTLD RDS) safeguards registrant data by (a) identifying the lifecycle of registrant data, (b) determining if/how data is safeguarded in each phase of that lifecycle, (c) identifying high-priority gaps (if any) in safeguarding registrant data, and (d) recommending specific measureable steps (if any) the team believes are important to fill gaps. 

Background Documents

Further background documents may be found on the Review Team's overall Background Materials page.


(blue star) Leader/Rapporteur: Alan Greenberg

(blue star)Members: Alan Greenberg, Dmitry Belyavsky, Stephanie Perrin, Volker Greimann

(blue star)Mailing-list archives:  http://mm.icann.org/pipermail/rds-whois2-safeguard/

(blue star)Conference calls

(blue star)Review Team Templates: see here


Subgroup Documents

Date

Document (Versions in Red are latest)

File

Subgroup report

 

v7 (incl. FtoF #3 Agreements)DOCX

 

v6DOCX

 

v5DOCX

 

v4DOCX

 

v3DOCX

 

v2DOCX

 

v1DOCX
Face-to-Face Mtg #2 Slides - Findings

 

v2

PPTX

 

v1PPTX
Work plan (as per Alan's email)

 

v1EMAIL
Planning questions

 

v2PPTX

 

v1PPT
First Pass Document

 

v4DOCX

 

v3DOCX

 

v2

DOCX

 

v1DOCX

Open Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress Notes
9FtoF #3

 

Alan to update Rec SG.1 to reflect agreements reached.

Alan

8#35

 

Subgroup 5 | Safeguarding Registrant Data - Alan to update the draft recommendation text that appears in brackets [ICANN should similarly consider whether contractual requirement are needed to require registrars, registries and escrow provides to notify registrants in the event of data breaches.] regarding breach notification to serve as the basis for discussion at the face-to-face meeting #3.Alan

Completed Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress NotesCompleted ResponseCompletion Date
7Email

Contract signed with escrow providers so that we may understand what processes, constraints or rules escrow providers are subject to regarding safeguarding data while under their custody and in relation to any data breaches that may be discovered. If the contracts are all substantially identical, then the standard boiler-plate contract will be sufficient. ICANN org

Email

 

6#27

 

Subgroup members to send a quick status update to the review teamSubgroup

Plenary Call #28

 

5#26

 

Alan to confirm revisions made RT agreements. Alan

Email

 

4#26

 

Stephanie to provide draft formulation to AlanStephanie

Report

 

3#26

 

Alan to refine question number 3.Alan

Report

 

2#26

 

Questions for ICANN org :

○       What are contractual requirements to secure stored escrow data

○       What are contractual requirements to notify ICANN in the event of breach

○       How do you secure registrant data under your control?

ICANN org

Email

 

1#25

 

Alan plans to share his first draft of subgroup draft report with the subgroup/RT for review in parallel by the end of the weekend.Alan

Email

 

Decisions Reached

Source of requestDateDecision
FtoF #3

 

Update findings but retain recommendation for review by data security experts. Do not include a recommendation regarding registrant notification.



  • No labels