RAA Critical Issues Analysis: DATA RETENTION & WHOIS




This document provides the views of the Registrar Stakeholder Group Negotiating Team (the "Registrar NT") on the status of negotiations related to data retention.

1. Data Retention.

a. Retention Period. Consistent with fair information practice principles and the laws of many countries, the registrar proposal establishes two different retention periods: (i) the life of the registration plus two years, or (ii) a minimum of six months. The nature of the data determines the applicable retention period. The six-month minimum period was selected to provide a level playing field corresponding to the maximum retention period established in several EU member states transposing DIRECTIVE 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. [1] ICANN would establish a life + 2 standard for all data.

b. Retention Detail. ICANN's language requires registrars to collect and maintain highly detailed and sensitive payment information, including the name of the financial institution, bank routing number, any and all account numbers and associated expiration dates, security codes, and addressing information. Retention and use of this kind of information, misuse of which could result in material harm (e.g., identity theft) to the account holder, is regulated by myriad laws and by payment industry standards. Accordingly, the NT proposes to limit collection and retention obligations on means and source of payment information to that which is reasonably necessary for the Registrar to process the Registration transaction, or a transaction number provided by a third party payment processor.

c. Scope. The ICANN language imposes collection and retention requirements on services that fall outside of the RAA. The ICANN accreditation process should not be used as a bootstrap to regulate other product and services offerings. Accordingly, the NT proposal is intended to limit the reach of the RAA data collection and retention requirements to services that are directly related to a specific registration and subject to the RAA.

d. See Chart 1, which shows the changes made by ICANN to the Registrar NT proposed language.

2. WHOIS Verification

a. ICANN's language would prohibit address resolution prior to verification. The Registrar NT proposal would permit registrations and address resolution to proceed, subject to verification within a short period following registration.

b. The requires both email and telephone verification. The Registrar NT proposal would implement email verification immediately, permitting further enhancements consistent with community input and impact assessment.

c. See Chart 2, which shows the changes made by ICANN to the Registrar NT proposed language.

[1] That Directive requires EU member states to obligate communication service providers to retain certain communications traffic data for a period of not less than six months and not more than two years. A number of member states have chosen to limit the retention period to six months. The Directive has been challenged in a number of member states, and in those countries, six months may exceed the length of retention permitted under applicable data protection laws.

CHART 1. ICANN Changes (1 June 2012) to Registrar NT Data Retention Proposal

DATA RETENTION SPECIFICATION

1. ToExcept to the extent permittedprohibited by applicable law, during the Term of this Agreement, for each Registered Name sponsored by Registrar within a gTLD, Registrar shall collect and securely maintain in its own electronic database (as updated from time to time) the data specified below for the duration specified below:

1.1. Registrar shall collect the following information from registrants at the time of registration of a domain name (a "Registration") and shall maintain that information for the life of the Registration plus two years:

- First and last name or full legal name of registrant;
- First and last name or, in the event registrant is a legal person, the title of the registrant's administrative contact, technical contact, and billing contact;
- Postal address of registrant, administrative contact, technical contact, and billing contact;
- Email address of registrant, administrative contact, technical contact, and billing contact;
- Telephone contact for registrant, administrative contact, technical contact, and billing contact;
- WHOIS information, as set forth in the WHOIS AppendixSpecification;
- Types of domain name services purchased for use in connection with the Registration.

1.2. Registrar shall collect and maintain the following information for no less than one hundred and eighty (180) days following the relevant interaction:

- Information regarding the means and source of payment reasonably necessary for the Registrar to process the Registration transaction, or a transaction number provided by a third party payment processor;
- Log files, billing records, or, to the extent commercially practicable, other records containing communications source and destination information, including, depending on the method of transmission: (1) Source IP address, HTTP headers, (2) the telephone, text, or fax number; (3) email address, Skype handle, or instant messaging identifier, associated with communications between Registrar and the registrant about the Registration;
- Log files or, to the extent commercially practicable, other records associated with the Registration containing dates, times, and time zones of communications and sessions, including initial registration.

2. Registrar shall maintain WHOIS data in accordance with the requirements of the WHOIS Accuracy Program, as set forth in the WHOIS Accuracy Program Specification.

3. This AppendixSpecification may be modified in accordance with Sections [insert] of the Registrar Accreditation Agreement.]by ICANN from time to time after consultation with the Registrar Stakeholder Group (or its successor), provided that such updates are commercially practical with respect to the registrar industry, taken as a whole.

Registrar NT Notes on Changes

- Registrars proposed two-tiered retention schedule: (1) life of registration + 2 years for certain data and (2) 6 months of sensitive financial data and log data; in each case as permitted by applicable law. ICANN has rejected in favor of single life +2 standard. It is not clear why ICANN has changed the applicable law language.
- retention requirements to apply to ALL services offered by a registrar INCLUDING services not subject to the RAA.
- ICANN has not identified other records. Limiting obligation as proposed by Registrar NT permits standard to change as technology does, without creating unquantifiable risks.
- unilateral amendment rights, notwithstanding proposed amendment process.

CHART 2: ICANN Changes (1 June 2012) to Registrar NT Whois Accuracy Proposal

WHOIS ACCURACY PROGRAM SPECIFICATION

Registrar agrees to implement the requirements set forth in this Specification, as well as any reasonable and commercially practicablepractical updates to this Specification that are developed by ICANN andin consultation with the Registrar Stakeholder Group during the Term of the RAA. Registrar also agrees to implement changes to this Specification that become binding on Registrar as Consensus Policies or under the amendment process specified in the RAA.

1. Except as provided for in section 3 below, upon receipt of a registration request by a non-validated registrantprior to allowing new registrations to resolve, Registrar will:

a. Validate the presence of data for all fields required for a particular country or territory under Subsection 3.3.1.

b. Validate that all email addresses are in the proper format according to RFC 5322 (or its successors).

c. Validate that telephone numbers are in athe proper format such asaccording to the ITU-T E.123 notation for international telephone numbers (or its successors).

d. Validate that postal addresses are in a proper format for the applicable country or territory as defined in UPU S42 address templates (as they may be updated) or other standard formats.

e. Validate that all postal address fields are consistent across fields (for example: street exists in city, city exists in state/province, city matches postal code) where such information is made available to Registrars.

f. Verify the Registered Name Holder's email address by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar. If Registrar does not receive an affirmative response, Registrar shall either verify the contact information manually or [suspend] the registration request.

g. Verify the Registered Name Holder's telephone number by either (i) calling or sending an SMS to the Registered Name Holder's telephone number providing a unique code that must be returned in a manner designated by the Registrar; or (ii) calling the Registered Name Holder's telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail. If Registrar does not receive an affirmative response, Registrar shall either verify the contact information manually or cancel the registration request.

2. Except as provided in Section 3 below, within fifteen (15) calendar days after receiving any changes to contact information in Whois, Registrar will validate/verify the changed fields in the manner specified in Section 1 above.

3. Registrar is not required to perform the above validation/verification procedures in Section 1(a) through 1(g) above, if Registrar has already successfully completed the validation/verification procedures on the identical contact information at any time and has no information suggesting that the contact information is incorrect (e.g., bounced emails).within the preceding 12 months.

4. Registrar must re-verify the Registered Name Holder's email address at least once every 12 months as described in Section 1.f (for example by requiring an affirmative response to a Whois Data Reminder Policy notice).

45. Upon the occurrence of a Registered Name Holder's willful provision of inaccurate or unreliable WHOIS information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen (15) calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration, Registrar shall either terminate the Registered Name Holder's Registration or place such registration on clientHold and clientTransferProhibited. The same applies in case the initial validation is not completed

Registrar NT Notes on Changes

- unilateral amendment rights, notwithstanding proposed amendment process.
- Registrar NT proposal required verification within a short period after registration. requires verification prior to name resolution.
- Registrar NT proposal permitted registrars to modify data field and number formatting consistent with local standards.
- requires telephone number verification in addition to email verification, again prior to resolution.
- requires annual reverification of email and telephone number; even if registrar has no reason to believe that the information is incorrect. Note that the Registrar NT proposal would require reverification in response to a bounce notification on an annual WHOIS accuracy email.