[lac-discuss-en] RV: ICANN News Alert - ICANN Seeks Public Comment on 2013 RAA Data Retention Specification Data Elements and Legitimate Purposes for Collection and Retention
asoto at ibero-americano.org
asoto at ibero-americano.org
Thu Mar 27 03:59:55 UTC 2014
[[--Translated text (es -> en)--]]
Subject: Re: RV: ICANN News Alert - ICANN Seeks Public Comment on 2013 RAA Data Retention Specification Data Elements and Legitimate Purposes for Collection and Retention
From: asoto at ibero-americano.org
Ada and all. Our laws (Uruguay and Argentina), inspired ESTN
LSI espaola, asque may differ somewhat in form but not in substance.
Argentina's Law of Personal Data Protection does not speak of retention of
data communications. S, there was a law on this last topic, but was
left in suspension by the numerous criticisms received.
The Act Argentina is the No. 25326, which also defines personal data
(Information of any kind referred to physical persons or existence
ideally determined or determinable, and sensitive data (personal data
revealing racial and ethnic background, policies opinions, convictions
religious, Philosophical or moral, union affiliation and information
concerning health or sex life).
Also defines Data processing: Operations and procedures
sistemticos, electrnicos or not, enabling the recoleccin, conservation,
ordenacin, storage, modification, relationship, evaluation,
blockade, destruction, and general processing of personal data, as
as also his third cesina to Travs communications, consultations,
interconnections or transfers.
With regard to information security, our law says: 1. The
responsible or user data file must adopt measures techniques
and organizational measures necessary to ensure the safety and
confidentiality of personal data, in order to avoid adulteracin,
loss, or unauthorized consultation, and to detect
deviations, intentional or otherwise, of information, whether the risks
from human action or technician medium used.
Two. It is prohibited to record personal data in files, records or
banks not renan techniques Payment integrity and security.
Regarding confidentiality: 1.The persons responsible and
involved at any stage of the processing of personal data ESTN
bound to secrecy regarding the same. Such obligation
subsistiraun completed after his relationship with the owner of the file
data.
Two. The forced podrser relieved of secrecy by resolution
court and for compelling grounds relating to public safety,
national defense or public health.
Regarding the Cesin Data: 1. Personal data object
treatment can only be assigned to fulfill the purposes
directly related to the legitimate interest of the transferor and
assignee and with the consent of the owner of the data, which
must be informed about the purpose of identifying the CESINE
transferee or the elements to do so.
After this long introduction, I must agree with you on virtually
everything.
I understand that both a Registrar as a Registrant, have (or MUST
have!) an appropriate technology infrastructure needs.This is
say that they have an adequate system of information security, with
separations between their servers and production management areas,
including systems development if they have this area. In addition to
its internal communications network, separated and denied access
between different areas, elemental a service provider
internet. This, in addition to comply with the local laws of protection of
personal data.
This would involve, for example, that the data elements described in the
points 1.1.8 (Processing recurring payments) and 1.2.1. (Information
on concurrent payments) ESTN sheltered in a different place
elements Whois data, which access to them is
only possible for this last free, and internal staff
registrar or registrant to information of the aforementioned tems, which
contain associated names, credit cards, addresses, etc.. It
states that if the source of payment information is deleted, not a registrant
tendrmanera evaluate claims dispute facturacino
Returns the position of the process.In many cases in dispute with
credit cards or bank charges.
The legislation this estrelacionado with each country. In Argentina, the
credit cards and banks have the obligation to keep such
of information for many years and in this time I do not remember if there are seven
or ten years. If as there are at least two places with information
necessary.
With regard to the issues of hacking, irregular domain sale by deception
Buyer, etc.., speaks of a aooms of data retention. This
term must have prescripcin relationship with the crime,
because if barred two years, I should not keep them for three years.
I understand that retention periods are set, because this issue has been and
remains very controversial because it requires storage measures
additional security, etc.. And msan being traffic data.
I hope I have not bored
Best Regards
Alberto Soto
From: Aida Noblia [mailto: aidanoblia at gmail.com]
Posted on: Wednesdays, March 26, 2014 4:55 pm
To: Alberto Soto
CC: Fatima Cambronero; LACRALO Espaol
Subject: Re: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN
Seeks Public Comment on 2013 RAA Data Retention Data Elements Specification
and Legitimate Purposes for Collection and Retention
Fatima, Alberto, Alejandro and all
Ses understand that a very important issue, and also in the complex
laws, I could not attend the roundtable mencionFtima is
You can listen any recording? is still some time for
comments? I am not clear what is the closing date for comments.
National legislation on protection of personal data are
rather strict, and also the right of access to information
pblica because ahestara the limit necessary to know what can and
must publish and what not, with quextensin, for how long, quines
they can do it, you can publish lbremente qudatos cules and require
free, express, written consent of the owner ...
In Uruguay the Law 18331 and its implementing regulations refer to the
protection of personal data (qualified in two types (sensitive or not)
As a human right protected by the constitution of the Republic. It
provides the owner of the personal data ARCO rights acronym that
level legislation includes right to access the database,
Corrigendum of Erroneous or modified in reality data correction
of Erroneous or inaccurate data and Oposicina done what the law calls
"Treatment" of the data that is generally any use of such data
personal, without the express written consent of its owner.
There is a Regulatory Unit Registration and Control of such data by the
Agency electronic government, in the Register of the Specifications
contain mandatory for all personal data that has a base, and
is of public or private persons, controls, and procedures performed
auditing and punishing violators with fines and even closure of the
database.
There is a base charge and take charge of the practice by
account of others or their own. The law regulates their responsibilities. The
Database Owner, or physical person jurdica is responding by
use or processing of personal data to the owner of that data.
An when they can use or deal in certain circumstances,
consent of the owner or in cases of data that supports your
treatment without l, personal data can not be used for other
purposes for which the owner permitted use.
The base is responsible for its own use or who decides: Data
personal is collected for a purpose and should be eliminated one
Once cumplila purpose for which it was collected, can be
transmit only in certain conditions .. etc.. It is the responsibility of the
base, which can be physical or legal person to whom the owner of the
Data may be enforced or penalties that may apply.
With variations, this is repeated in the legislation. In case of transfer
international data international law applies, and therefore there will
to analyze what is the applicable law and jurisdiction competition.
In the case of ICANN, the owner of the database is not ICANN, for
therefore is not legally responsible for processing that may occur to the
personal data.
According saw, in the system of the new agreement, the service is outsourced,
To improve it in terms of the quality of the data and also about its
treatment, but that does not mean the change of ownership.
So ICANN agrees the "excencin" of data retention in some
analyzing specific cases and by a special procedure, but
harming the intended service users improve this
new medium.
This is done at the request of the records to be released from their
liability because by not having to keep the data in accordance with
According to ICANN no longer have to answer to the law for their
conservation, damage, misuse, etc.. It emphasizes the need for the
good faith by the owner or holder of the database (check in)
which contains the data, though this good faith is a matter of difficult
certain proof.
Also, to not keep such data prevents any possibility
fulfill the functions of ICANN in such cases, with respect to the prevention of
damages that may result from misuse of domain names and
similar.
The issue in each case is to analyze these requests, if you really
retention of such data is necessary for the service prestacin
to Travs registry is provided or if it constitutes a violation of the
law. The blog that cases can be referred to and do not appear
so rare. And the position of registrars is clearly find that
facilitate their task. but in this case may be against the effectiveness and
completeness of the service provided by ICANN. From what has already been given and can
see on the web, it seems that security prevails. But the ms allde
presentation requirements of having the case (with reports of attorney, etc.
) Should be studied very well in that case is given rather than presumed
good faith as a way to resolve these cases.
Otherwise give an endorsement by the owners of the Records
released from liability, affect the risk of compliance
other obligations, affect all other obligations of the
Register and its owner as dueoo who treats data.
As decan seems a matter of interest.
Regards
3/22/2014 20:59 GMT-03: 00 Alberto Soto <asoto at ibero-americano.org
<mailto:asoto at ibero-americano.org> >:
Fatima, only Sern 04:00 am in Buenos Aires but I promise participate.
Thank you!
Alberto Soto
From: Fatima Cambronero [mailto: fatimacambronero at gmail.com
<mailto:fatimacambronero at gmail.com> ]
Posted on: by saturday, March 22, 2014 8:54 pm
To: Alberto Soto
CC: Dr. Alejandro Pisanty Baruch; LACRALO Espaol
Subject: Re: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN
Seeks Public Comment on 2013 RAA Data Retention Data Elements Specification
and Legitimate Purposes for Collection and Retention
Alejandro, Alberto,
I share the view of that we are facing an interesting topic
deberamos to analyze and speak out from our region.
The da Monday 24 at 15 pm. Local Singapore estprevista a Table
Round about Directory Services Registration: present and future. If
While this issue is not specifically on the agenda estincluido of the meeting is
closely related perhaps a topic that appears in the discussions.
It will be good to participate in this Roundtable to hear and discuss the
comments you may have about it. I understand that the hours of
our countries is in a strip a little complicated. I'll be
attending this meeting. If there sb who want to comment or view
to get, I offer to transmit.
This is the link to the agenda of the Roundtable:
https://community.icann.org/display/atlarge/At-Large+Roundtable+on+Registrat
< https://community.icann.org/display/atlarge/At-Large+Roundtable+on+Registra
tion + Directory + Services% 3A + Now + and + the + Future + - +2014.03.24 + - + Singapore>
ion + Directory + Services% 3A + Now + and + the + Future + - +2014.03.24 + - + Singapore
That link to the Adobe Connect: https://icann.adobeconnect.com/sin49-vip/
(This is the same for all meetings of At-Large of the week).
Best Regards,
Fatima Cambronero
3/21/2014 23:40 GMT-03: 00 Alberto Soto <asoto at ibero-americano.org
<mailto:asoto at ibero-americano.org>
<mailto:asoto at ibero-americano.org <mailto:asoto at ibero-americano.org> >>:
I think the interest should be sufficient. It is just one of the topics
make the existence of end-user oriented entities Internet
ie U.S..
Surely there are different laws for each country, at least in
some substantial tems. Although there are countries that do not have an legislation.
There are 30 days for comments, there is little time for the importance of the subject.
Suggest that very quickly the respective ALS each country of our
Regin, read the history of this item, then inform the
legislacin force in their respective country, with reviews.Also I suggest
that for this first phase, the closing date is the Friday Prximo
28/03/2014.
Also suggest that those who are participating in Singapore, are exempt from
participate, have very important things to do for us.
Best Regards
Alberto Soto
----- Original Message -----
From: lac-discuss-es-bounces at atlarge-lists.icann.org
<mailto:lac-discuss-es-bounces at atlarge-lists.icann.org>
<mailto:lac-discuss-es-bounces at atlarge-lists.icann.org
<mailto:lac-discuss-es-bounces at atlarge-lists.icann.org> >
[Mailto: lac-discuss-es-bounces at atlarge-lists.icann.org
<mailto:lac-discuss-es-bounces at atlarge-lists.icann.org>
<mailto:lac-discuss-es-bounces at atlarge-lists.icann.org
<mailto:lac-discuss-es-bounces at atlarge-lists.icann.org> >] On behalf of Dr.
Alejandro Pisanty Baruch
Posted on: Friday, March 21, 2014 11:25 pm
To: lac-discuss-es at atlarge-lists.icann.org
<mailto:lac-discuss-es at atlarge-lists.icann.org>
<mailto:lac-discuss-es at atlarge-lists.icann.org
<mailto:lac-discuss-es at atlarge-lists.icann.org> >
Subject: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN Seeks
Public Comment on Data Retention RAA 2013 Specification and Data Elements
Legitimate Purposes for Collection and Retention
Colleagues,
called Annex may have significant legal implications in our
region. Let us summon experts in protection of personal data and other
issues related to data retention (Computational forensics, law
telecommunications, Civil Marco in the case of Brazil) to
form a opininslida, if there is enough interest.
Alejandro Pisanty
---------------------------
Dr. Alejandro Pisanty
UNAM Faculty of Chemistry
3000 University Avenue, 04510 Mexico DF Mexico
+52-1-5541444475 <tel:%2B52-1-5541444475> FROM ABROAD
+525541444475 <tel:%2B525541444475> SMS +525541444475 FROM MEXICO
<tel:%2B525541444475>
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Join the LinkedIn group UNAM,
http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---- >> Join ISOC Mexico, http://www.isoc.org
. . . . . . . . . . . . . . . .
________________________________________
From: alac-announce-bounces at atlarge-lists.icann.org
<mailto:alac-announce-bounces at atlarge-lists.icann.org>
<mailto:alac-announce-bounces at atlarge-lists.icann.org
<mailto:alac-announce-bounces at atlarge-lists.icann.org> >
[Alac-announce-bounces at atlarge-lists.icann.org
<mailto:alac-announce-bounces at atlarge-lists.icann.org>
<mailto:alac-announce-bounces at atlarge-lists.icann.org
<mailto:alac-announce-bounces at atlarge-lists.icann.org> >] On behalf of
ICANN
At-Large
Staff [staff at atlarge.icann.org <mailto:staff at atlarge.icann.org>
<mailto:staff at atlarge.icann.org <mailto:staff at atlarge.icann.org> >] Sent
on: Friday, March 21, 2014
20:00
To: ALAC-Announce at atlarge-lists.icann.org
<mailto:ALAC-Announce at atlarge-lists.icann.org>
<mailto:ALAC-Announce at atlarge-lists.icann.org
<mailto:ALAC-Announce at atlarge-lists.icann.org> >
Subject: [ALAC-Announce] ICANN News Alert - ICANN Seeks Public Comment on
RAA 2013 Specification Data Retention Data Elements and Legitimate Purposes
for Collection and Retention
[Http://www.icann.org/images/gradlogo_bow.jpg] <http://www.icann.org/>
News Alert
http://www.icann.org/en/news/announcements/announcement-3-21mar14-en.htm
________________________________
ICANN Seeks Public Comment on 2013 RAA Data Retention Data Specification
Elements and Legitimate Purposes for Collection and Retention
21 March 2014
ICANN has-been in discussions with a number of Registrars Regarding data
retention requests waiver ("Waiver Requests") submitted under the 2013
Registrar Accreditation Agreement (the "2013 RAA").Some Registrars are
seeking an exemption from Un certain collection and / or retention requirements
under the Data Retention Specification (the "Specification") of the 2013
RAA. Section 2 of the Data Retention Specification sets forth requirements
Regarding the written materials to register must submit in support of its
good faith determination That the collection and / or retention of any data
element specified in the Specification Violates applicable law, and Provides
That Following notice to ICANN of the Waiver Request, ICANN and the
Register applicable Shall discuss the matter in good faith in an effort to
reach a mutually acceptable resolution of the matter. An update on the 2013
RAA data retention and the waiver process can be found here:
http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver-p
<http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver-
<http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver-
process />
process />
rocess /
ICANN staff Understands That data Should be Treated in Accordance with
applicable data protection laws, que Generally permit gathering and
personnel retention of data for legitimate purpose (s). ICANN Also Understands
That the law may vary from country to country as to (i) what is Considered to
legitimate purpose, (ii) Whether the personnel data is adequate, relevant and
not excessive in relation to the legitimate purpose for Which They are
collected and (iii) how long for Un Certain data elements May be Retained. In
other words, what is Considered a legitimate purpose for collection of
Un certain data in one country May not be Considered a legitimate purpose in
another country.
During ICANN's discussions in an effort to reach a mutually acceptable
resolution of the matter, some have Requested That ICANN Registrars (a)
AMclarify and better define Un certain data elements in the Data Described
Retention Specification Maintain That the Registrars are not Clearly
defined, and (b) describes Potentially legitimate ministering purposes for collection and
retention of each data element That would help Provide guidance for
Both Whether Registrars Such elements as to Lawfully May be collected, and,
if so, for how long Such elements Lawfully Might be Retained.
In response to requests from some These Registrars, ICANN is posting for
seeking public comment a document to what is meant by AMclarify Un certain data
elements Described in the Specification and Describing Data Retention
Potentially legitimate ministering purposes for collection and retention of Those data
elements. That document can be found
here <http://www.icann.org/en/resources/registrars/raa/draft-data-retention-s
<http://www.icann.org/en/resources/registrars/raa/draft-data-retention-spec-
<http://www.icann.org/en/resources/registrars/raa/draft-data-retention-spec-
elements-21mar14-en.pdf>
elements-21mar14-en.pdf>
Breast-elements-21mar14-en.pdf> [PDF, 116 KB]. The document will be posted for
a period of thirty (30) days to seek feedback and input from the community
on (i) Whether the data elements are Appropriately described, (ii) Whether
ministering purposes cited for the collection and retention are Appropriate and
legitimate, and (iii) Whether there are other legitimate Potentially
ministering purposes for collection and retention of data Such elements. After the
thirty (30) day period has expired Following this posting, ICANN will
Consider all feedback and input received in Connection with Ongoing ICANNs
discussions to reach a mutually acceptable resolution of Waiver Requests. In
the interim, ICANN will continue its Ongoing discussions to reach a mutually
acceptable resolution of Waiver Requests with Single Registrars With the
additional goal of Granting Waiver Requests as and when to Appropriate.
A public comment period will REMAIN open until 11:59 p.m. PDT / California, 21
April 2014. Public comments will be available for consideration by ICANN
ICANN staff and the Board.
* Comments can be posted to:
comments-retention-21mar14 at icann.org
<mailto:comments-retention-21mar14 at icann.org>
<mailto:comments-retention-21mar14 at icann.org
<mailto:comments-retention-21mar14 at icann.org> >
<mailto:comments-retention-21mar14 at icann
<mailto:comments-retention-21mar14 at icann>
<mailto:comments-retention-21mar14 at icann
<mailto:comments-retention-21mar14 at icann> >
. Org>
* Comments can be viewed at:
http://forum.icann.org/lists/comments-retention-21mar14/
_______________________________________________
[[--Original text (es)
http://mm.icann.org/transbot_archive/2f37d0c19f.html
--]]
More information about the lac-discuss-en
mailing list