Privacy of info in IP requests

  Sorry, I seem to have sent a couple of people the wrong way.
  I didn't want to point fingers to legalese...

>Just to remind everyone, ripe-104 says:
>
> 4.  IRs will keep records of correspondence and information
>     exchanges in conjunction with the registry function for later
>     review and the resolution of disputes.  IRs will hold this
>     information in strict confidence and use it only to review
>     requests and in audit procedures or to resolve disputes.

  I'm aware of that.

>The RIPE NCC makes every reasonable effort to keep the information we 
>store confidential. On the other hand we have to store it electronically
>on machines connected -albeit restrictively- to the Internet.
>
  *That's* the things that triggered me!

  Is it acceptable to have the files stored in a plain office?

  Do I have to lock the doors of my office when I leave? 
  [ I'm doing that anyway, for various other reasons...]

  Who is "the Local-IR"? My group? Just a couple of individuals? What's
  the position of my boss in this?
  [ I *certainly* don't have a problem with this in our shop ]

  If I ask the folks in another ACOnet PoP, whether they intend to
  physically and administratively connect the nets of the applicant, is
  it a problem telling them who applied for addresses? 
  [ Sure I *do* remove the more specific parts of the application, and
    when the application is granted, the person and network data is
    stored in the RIPE-DB, thus becoming public knowledge anyway...]
  
  On another aspect, when I receive an application (for a network number
  or a domain) giving person objects (admin-c's in particular!) for people
  that I did not talk to personally, should we be double-checking before
  accepting the application and putting things into the database?
  [ Right now it is our policy to cc them on the allocation and other
    correspondence...]
  
  You see, I'm not trying to find something that can stand a lawyer, I'm
  trying to find out what the "common sense" and "state of the art" and
  the "reasonable effort" and "strict confidence" is. 

  Because we no longer deal exclusively with univiersities and research
  centres, but also with regional hospitals, security departments of
  regional government, and the like.

  But I might, again, be barking at the wrong tree...

  Thanks for reading that far,
  Wilfried.

PS: Btw, this is just another thing where I think the Local-IR stuff
    overlaps the (administrative aspects of the) DNS stuff...
 --------------------------------------------------------------------------
  Wilfried Woeber                :  e-mail: Woeber at CC.UniVie.ac.at
  Computer Center - ACOnet       :  
  Vienna University              :  Tel: +43 1 4065822 355
  Universitaetsstrasse 7         :  Fax: +43 1 4065822 170
  A-1010 Vienna, Austria, Europe :  NIC: WW144
 --------------------------------------------------------------------------