Privacy of info in IP requests
Wilfried Woeber, UniVie/ACOnet woeber at cc.univie.ac.at
Thu May 18 16:29:59 CEST 1995
Sorry, I seem to have sent a couple of people the wrong way. I didn't want to point fingers to legalese... >Just to remind everyone, ripe-104 says: > > 4. IRs will keep records of correspondence and information > exchanges in conjunction with the registry function for later > review and the resolution of disputes. IRs will hold this > information in strict confidence and use it only to review > requests and in audit procedures or to resolve disputes. I'm aware of that. >The RIPE NCC makes every reasonable effort to keep the information we >store confidential. On the other hand we have to store it electronically >on machines connected -albeit restrictively- to the Internet. > *That's* the things that triggered me! Is it acceptable to have the files stored in a plain office? Do I have to lock the doors of my office when I leave? [ I'm doing that anyway, for various other reasons...] Who is "the Local-IR"? My group? Just a couple of individuals? What's the position of my boss in this? [ I *certainly* don't have a problem with this in our shop ] If I ask the folks in another ACOnet PoP, whether they intend to physically and administratively connect the nets of the applicant, is it a problem telling them who applied for addresses? [ Sure I *do* remove the more specific parts of the application, and when the application is granted, the person and network data is stored in the RIPE-DB, thus becoming public knowledge anyway...] On another aspect, when I receive an application (for a network number or a domain) giving person objects (admin-c's in particular!) for people that I did not talk to personally, should we be double-checking before accepting the application and putting things into the database? [ Right now it is our policy to cc them on the allocation and other correspondence...] You see, I'm not trying to find something that can stand a lawyer, I'm trying to find out what the "common sense" and "state of the art" and the "reasonable effort" and "strict confidence" is. Because we no longer deal exclusively with univiersities and research centres, but also with regional hospitals, security departments of regional government, and the like. But I might, again, be barking at the wrong tree... Thanks for reading that far, Wilfried. PS: Btw, this is just another thing where I think the Local-IR stuff overlaps the (administrative aspects of the) DNS stuff... -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Woeber at CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 --------------------------------------------------------------------------
[ lir-wg Archives ]