[ripe-list] [ncc-announce] [news] New RIPE NCC Ticketing System and Contact Form

Dear Jim and all,

We took the decision to move to a third party specialising in ticketing
systems rather than continue to update our in-house system. This was to
accommodate growing needs for efficiency and functionality. We needed a
more resilient system that would meet the needs of our 18,000-strong
membership.

We ask members not to attach privacy-related documentation and instead
to submit it via secure RIPE NCC processes, i.e. the request forms
available through their LIR account or via the contact form on the RIPE
NCC website. By following these procedures, all documentation is stored
securely on RIPE NCC servers. If sensitive personal information is
attached to an email, we delete that information from Zendesk once the
information is moved to RIPE NCC servers. We also made members aware of
these changes well in advance of starting to use Zendesk:
https://www.ripe.net/ripe/mail/archives/ncc-announce/2017-August/001189.html

As was noted, Zendesk guarantees that it is GDPR-compliant and the
services we use are located by contract on servers in the EU. This in
itself mitigates some of the concerns that have been raised. Zendesk is
a well-established provider of these services, and we believe that their
solution is likely to be maintained. And although we believe the
likelihood of this company failing to meet our needs in future is very
small, we have considered the risk and believe we can make any changes
to our processes that scenario would require.

We'd like to note that the quoted sections of Zendesk's privacy policy
refer to activities that take place on their website. The RIPE NCC
mitigated these concerns by choosing not to use these elements of the
Zendesk solution.

We can continue the discussion at the RIPE NCC Services WG in Marseilles
in May and we are happy to take feedback on our approach.

Best regards,

Andrew de la Haye
Chief Operations Officer
RIPE NCC


On 28/02/2018 10:40, Jim Reid wrote:
> 
>> On 28 Feb 2018, at 08:57, Hans Petter Holen <hph at oslo.net> wrote:
>>
>> It would be far more constructive if you could share what is not appropriate in the privacy policy and why.
> 
> Hans Petter, I thought I’d already done that by quoting extracts from that policy. 
> 
> In short, you are fodder for our marketroids (and those of our unnamed partners). We’ll use tracking cookies so advertisers can monitor you. We will spam you too. Oh and you agree your personal data will be thrown over the wall to unknown third parties. Have a nice day. [I lied about the last bit. :-)]
> 
> NCC services and the NCC should not be party to any of that. I’m surprised this needs to be explained.
> 
> Aside from that, I made a much more important point about outsourcing important functions to the cloud: what happens when the provider goes bust or changes their T&Cs or achieves lock-in?
> 
> 
> 
>