Summary of Expert Working Group on gtld Directory Services June 2014 Final Report
|
|
- Jeffery McGee
- 5 years ago
- Views:
Transcription
1 Summary of Expert Working Group on gtld Directory Services June 2014 Final Report 1) Overview/Purpose ICANN formed an Expert Working Group (EWG) on gtld Directory Services to discuss how to replace the current WHOIS system with a next generation Registration Directory Service (RDS). Based on the deficiencies in today s WHOIS system, as identified by numerous community reports and studies, the EWG aims to design a system to support domain name registration and maintenance that (1) provides appropriate access to accurate, reliable, and uniform registration data, (2) protects the privacy of personal information, (3) enables a reliable mechanism for identifying, establishing and maintaining the ability to contact Registrants, (4) supports a framework to address issues involving Registrants, and (5) provides an infrastructure to address appropriate law enforcement needs. The EWG published its initial report (Initial Report) in June 2013, concluding that the current WHOIS model that gives every user the same anonymous public access to gtld registration data should be abandoned. This recommendation was based on past reports identifying WHOIS deficiencies and the varying stakeholders that use today s WHOIS system. Later, in November 2013, the EWG published a Status Update Report to provide more detail on the Initial Report. Then, based on the feedback received on both the Initial Report and Status Update Report, the EWG published another report in March 2014, focusing on: (1) existing cctld and commercial data validation practices, (2) existing Privacy/Proxy service provider practices, (3) exploration of organizations capable of accrediting RDS users, (4) analysis of RDS risks/benefits and costs. Some of the WHOIS deficiencies identified by the EWG 1 include (1) little accountability or ability to remedy mining and abuse given anonymous public access of all data elements, (2) limited ability to protect the privacy of individuals, (3) limited ability to ensure integrity of registration data, (4) lack of security features, (5) lack of auditing capabilities, (6) access that is not directly linked to stated legitimate purposes, (7) inconsistent WHOIS query interfaces and responses, (8) lack of support or standards for displaying internationalized registration data, (9) limited ability to apply different rules to conform to differing data privacy regimes, (10) unacceptable accuracy levels that create inefficiencies for those that want to communicate with Registrants, (11) cumbersome management process for updating contacts across multiple domain names, (12) difficulties in identifying and communicating with customers of privacy and proxy services, (13) no regulation or 1 See p118 for a chart of the WHOIS deficiencies and the corresponding links to the sections in the Report that address such deficiencies.
2 privacy or proxy services beyond the 2013 RAA requirements that apply only to Registrars and their affiliates. The Final Report is divided into the following sections: (1) the EWG mandate, purpose, and outputs, (2) users and purposes, (3) improving accountability, (4) improving data quality, (5) legal and contractual considerations, (6) improving registrant privacy, (7) possible RDS models, and (8) costs and impacts. In this Final Report, the EWG concluded that a new RDS would provide a better foundation than today s WHOIS system. Examining issues of privacy and data protection, deficiencies in the current WHOIS model, and costs, the EWG proposed several models for a new RDS system, and recommends a Synchronized Model as a replacement system. 2) Users and Purposes The EWG sought to take a clean slate approach to define a new RDS instead of proposing mere improvements to the current WHOIS system. To do this, the EWG members drafted an extensive set of actual use cases involving the current WHOIS system, analyzing them to identify (1) the users who want access to data, (2) their rationale for needing such access, (3) the data elements they need, and (4) the purposes served by such data. The EWG also used the cases to identify the stakeholders involved in collecting, storing, and providing registration data. 2 The EWG identified the main users of the existing WHOIS system, such as the general public, internet tech staff, individual internet users, internet researchers, IP owners, LEA/OpSec, business internet users, online service providers, all registrants, and miscreants. The EWG then created a table 3 to map the users to their main rationale for registration data access in specific use cases. For example, an IP owner, in a domain name user contact (use case), would want to access registration data to enable contact with a party using a domain name that is being investigated for trademark infringement. The EWG also prioritized the purposes identified for each user group to narrow the scope of permissible purposes in accessing registration data. Such permissible purposes include domain name control, DNS transparency, technical issue resolution, individual internet use, domain name research, regulatory enforcement, abuse mitigation, legal actions, domain name purchases or sales, domain name certification, and personal data protection. The EWG then analyzed the scope of tasks within each permissible purpose and the users needs for access to data. Through its analysis of RDS users and Permissible Purposes, the EWG formulated foundational principles to enable purpose-based access to registration data. Such principles include: (1) ICANN must publish a user-friendly policy that describes the purpose and permissible uses of registration data to inform Registrants why data is collected and how it will be handled and used; (2) there must be clearly defined 2 See Annex C, p126, for a detailed description of the use cases. 3 See pp21-25.
3 permissible and impermissible uses of the RDS; (3) the RDS must support defined permissible purposes; (4) the RDS must be able to accommodate new users and permissible purposes that will emerge over time; (5) the RDS must accommodate all identified permissible purposes except known malicious internet activities; (6) gtld registration data should be collected, validated, and disclosed for permissible purposes only; and (7) every Registrant must be able to access all public and gated information published in the RDS about their domain name. In its report, the EWG further identified the various stakeholders involved in the RDS in relation to collecting, storing, disclosing, and using gtld registration data, and mapped such stakeholders to their associated purposes of use. 4 The EWG found that most stakeholders are parties involved in initiating data requests or parties impacted by data disclosed. The EWG also proposed purpose-based contact principles to balance the need to contact a person or organization associated with a domain name with privacy matters. Such purposed-based contact principles include: (1) providing one Purpose-Based Contact (PBC) for every registered domain name, (2) using a Registrant s Contact ID as a default PBC ID during domain name registration, (3) activating a domain name only when a valid PBC ID is provided for every applicable purpose, (4) varying requirements for data elements that need to be collected and published for every PBC, (5) developing processes and policies to enable Registrantdesignated contacts to opt-in or out of having their IDs published as PBC IDs for domain names, and (6) allowing flexibility for PBCs to state new purposes and contact types. 5 3) Improving Accountability To improve accountability, privacy, and accuracy, the EWG recommends an RDS with a gated access paradigm instead of today s one-size-fits-all WHOIS system. With a gated access paradigm, the RDS would (1) log all access to gtld registration data, including unauthenticated access to public data elements, and access restrictions to deter bulk harvesting, (2) make sensitive data elements available to requestors that applied for and were issued credentials for RDS query authentication, and (3) audit both public and gated data access to minimize abuse and impose penalties for inappropriate use. The EWG recommends the following data element and access principles to improve accountability: (1) the RDS must accommodate purpose-drive disclosure of data elements; (2) not all data collected becomes public; (3) some public access to an identified minimum data must be available; (4) data elements that are more sensitive must be protected by gated access; (5) only data elements permissible for 4 See pp32-33 for a summary of the various stakeholders. 5 See p 39 for potential responsibilities for different PBCs.
4 a declared purpose must be disclosed; (6) data elements collected must have at least one permissible purpose; (7) each data element must be associated with a set of permissible purposes; (8) lists of minimum data elements to be collected, stored, and disclosed must be based on known use cases and a risk assessment; and (9) all Registries and Validators must store the full set of data elements they provide to the RDS. The EWG also proposed guidelines for data collection 6, data disclosure for permissible purposes, 7 data element classifications (mandatory or optional) 8, and alignment with the 2013 RAA data element names (page 56). Further, the EWG recommended principles for unauthenticated and gated data access, such as (1) creating a minimum set of data elements to be accessible by unauthenticated RDS users, (2) supporting multiple levels of authenticated data access, (3) accrediting RDS user credentials, (4) allowing non-discriminatory access, (5) deterring misuse and promoting accountability, (6) applying accreditation to requesters of gated access, (7) employing message encryption and authentication of RDS queries/responses, (8) providing a Reverse Query service to search public and gated data elements, (9) providing a WhoWas service to return historical snapshots of public and gated data elements for specified domain names, (10) supporting innovative services that make use of data elements, (11) ensuring all disclosures of gated data elements occur through defined RDS access methods, (12) accommodating the display of registration data in multiple languages, scripts and character sets, and Internationalized Domain Names (IDNs), (13) supporting future GNSO defined transliteration policies for gtlds, and (14) enabling collection and display of registration data elements in local languages. The EWG also examined whether the technical protocols used in the current domain registration systems, such as the EPP and the Registration Data Access Protocol (RDAP) that is developed by the WEIRDs group, can support the EWG s recommended design features. EWG s analysis suggests that the proposed RDS can use both the EPP and RDAP but may require a few extensions. 4) Improving Data Quality The EWG also recommends a more robust validation of Registrant data than today s WHOIS system, namely, in increasing data accuracy. To do so, the EWG suggests the following improvements: (1) the RDS should apply standard validation to all gtld registration data that would occur at the time of data collection; and (2) the RDS system should include a pre-validated Contact Directory. 6 See pp See pp See pp47-56 for a description of data element classifications and a table that details the resulting classification for each RDS data element.
5 The EWG purports that pre-validation of Registrant or other contact information is desirable for increasing the accuracy of contact information, avoiding the need to validate Registrant or other PBC contact data every time a Registrant registers a new domain name, and avoiding delays in domain registration processing. To promote the principles of data accuracy and validation, the EWG suggests providing mechanisms to allow easy use of contacts by multiple Registrants. In addition, the mechanisms should be user friendly for updating contact information. The EWG recommends the following principles for data accuracy and validation: (1) allowing contact portability and accountability by making contact management feasibly separate from domain management, (2) using Validators who manage contact databases and implement validation regimes to manage contacts, (3) associating Contact IDs with domain registrations, (4) ensuring contacts contain valid mandatory data elements, (5) controlling change management and authorization of use through the Contact Holder without burdening PBCs or Registrants, and (6) having a Contact ID with every individual block of contact data to identify both the Validator and Contact Holder. To address the aforementioned principles, the EWG further outlines specific guidelines for a pre-validation process, 9 an accuracy, audit, and remediation process, 10 an operational framework for managing Contact IDs and associating them with registration information, 11 principles for interaction with Validators and Contact Validation at the syntactic, operational, and identity levels. 12 Further, to combat impersonation, defamation, and abuse, the EWG recommends various principles for Validator interactions with Contact Holders 13 and principles surrounding contact data validation at the syntactic, operational, and identify levels. 14 The EWG also states that Contact Holder designate their contact data as unique and not be used by other Contact Holder claimants by (1) ensuring unique data include many elements of a contact set, (2) providing a mechanism for other Validators to compare a requested set of contact data against the Contact Holder s so that new Contact ID applicants do not impinge on uniquely protected data, and (3) validating the identify of any data designated as unique to prevent impersonation and denial-of-service type attacks. The EWG believes that adopting such Contact ID Management and Validation systems in the next generation RDS will improve data quality and refuse fraud and identity theft by making it more difficult for Registrants to input false data. 9 See p See pp See pp See pp See pp See pp76-78.
6 5) Legal and Contractual Considerations The EWG outlined the legal and contractual considerations relating to the new RDS. Most of these considerations surround principles found in data protection laws, such as the processing, transferring, and disclosure of personal data. The EWG also acknowledged privacy rights that extend to legal persons and entities in regard to free speech and freedom of association. The data protection principles include laws surrounding the export of data outside the jurisdiction of the individual, such as EU s data protection directive. To comply with such laws, the EWG examined Data Protection Mechanisms 15 for protecting personal data through the RDS ecosystem, that is (1) do nothing, (2) introduce mechanisms to facilitate compliant data collection and transfer, (3) introduce mechanisms, such as a basic ICANN privacy policy for the RDS, to harmonize privacy and data protection through the ICANN ecosystem, and (4) subject the entire RDS to the instrument of binding corporate rules. In assessing the four options, the EWG recommends that the option of developing a basic privacy policy for the RDS using standard contractual clauses that are harmonized with privacy and data protection laws would be the most feasible. The EWG also assessed various options for implementing data protection mechanisms, and concluded that the best option would be to adopt mechanisms that facilitate routine legally compliant data collection and transfer between actors in the RDS ecosystem, using standard contract clauses that are harmonized with privacy and data protection laws in contracts between all actors in the RDS ecosystem, and ensuring that there are two means of implementing high level data protection: using an information system to apply data protection laws and localizing RDS data storage. In regard to data access by law enforcement, 16 the EWG recommends that the RDS store data in jurisdictions where law enforcement is globally trusted. In addition, the EWG has recommended principles around contractual relationships and accountability among RDS parties. 17 6) Improving Registrant Privacy To ensure Registrant privacy with the new RDS, the EWG recommends the following principles: (1) using accredited services for general personal data protection, (2) making sure Registrants assume responsibility for the domain names they register outside domains registered via accredited privacy services, and (3) ensuring that ICANN investigates the development of a single, harmonized privacy policy that governs RDS activities. 15 See pp85-86 for a detailed analysis of the various data protection mechanism options. 16 See pp89-90 for a detailed analysis of the various law enforcement access options considered. 17 See pp91-95.
7 (a) Accredited Privacy and Proxy Service Principles Two main services that are currently offered to obscure the identity and/or address of entities using domain names are (1) a Privacy Service by which a Registered name is registered to its beneficial user as the Registered Name Holder, but reliable contact information is provided by the P/P Provider 18 for display of the Registered Name Holder s contact information in WHOIS, and (2) a Proxy Service where a Registered Name Holder licenses use of a Registered Name to the P/P customer 19 to provide the P/P customer use of the domain name, and the Registered Name Holder s contact information is displayed in WHOIS instead of the Customer s contact information. Today s privacy or proxy services, however, are not standardized as providers have no contractual relationship with ICANN and privacy and proxy service providers do not employ standard processes. This fails to address the needs of (1) relaying communication to privacy or proxy service customers, (2) revealing the identity of the licensee and direct contact detail for a proxy customer in response to domain name related complaints; such processes tend to vary, (3) unmasking the licensee s identity, and (4) turning to Registrars when requestors cannot contact a proxy service customer or get a resolution from a proxy service provider. To address domain name Registrant and stakeholders needs for more uniform and reliable Privacy and Proxy Services that provide greater accountability, the EWG recommends: (1) accreditation of Privacy and Proxy service Providers by ICANN under the 2013 RAA Specification, (2) use of accredited Privacy Services when entities and persons register domain names, (3) requirement of specific terms in a terms of service by ICANN to include that a service provider endeavor to provide notice in cases of expedited takedowns, (4) accredited Privacy Services must provide the Registrar with accurate and reliable contact details for all mandatory Purpose-Based Contacts, (5) accredited Privacy services must relay s received by a Registrant s forwarding address, (6) entities and natural persons should register domain names using accredited proxy services, (7) accredited proxy service providers have to provide the Registrar with their own name and contact details and a unique forwarding address, (8) accredited proxy service providers must assume all usual Registrant responsibilities for the domain name and accurate registration data, (9) accredited Proxy services must provide the Registrar with accurate and reliable contact details for all mandatory PBCs, (10) accredited Proxy services have to relay s received by the Registrant s forwarding address, and (11) accredited Proxy services have to respond to reveal requests in a timely manner P/P Provider is the provider of Privacy/Proxy services. See p P/P Customer refers to a licensee, customer, beneficial user, or other recipient of Privacy and Proxy Services. 20 See Annex H, p158, for details on relaying and revealing s.
8 (b) Secure Protected Credential Principles In addition to privacy and proxy service matters, some individuals and groups desire to preserve their anonymity as making their personal information available may be a threat to them. Such groups/individuals include (1) religious minorities, (2) victims of domestic abuse, (3) political opposition parties, (4) ethnic or social groups, and (5) journalists in hostile territories. Currently, there are various secure credentials such as Microsoft s U-Prove and IBM s Identity Mixer where recipients can prove various attributes without revealing their personal information by relying on recognition and authentication by a trusted authority. Using such technologies, an RDS can establish a process where at-risk entities can get a domain name that has been registered using a secure protected credential such that Registrars and Registries do not bear the risk and responsibility of identifying vulnerable individuals to their aggressors. There are risks associated with such a service, such as the inability to establish the identity of a person in a life or death situation, the limited nature of revealing information in the case of a criminal or libelous activity which requires a takedown, and instances where government agencies allege treason or crime and force Registrars to use expedited take-down for websites using domain names registered with secure credentials. Despite such risks, secure credentials would still provide more security to at-risk entities. To develop such a service, functions such as the following would need to be developed: (1) a process to establish criteria for at-risk entity eligibility for secure credentials, (2) collecting application forms, attestations, and financial systems with a focus on ensuring that the identifies of the at-risk entities are protected, (3) creating an independent review board that evaluates and approves applications for secure credentials, (4) ensuring trusted parties are willing to relay secure credential applications and domain names to the independent review board, (5) ensuring that accredited proxy service providers accept secure credentials when registering domain names, and (6) developing policies surrounding expedited take-down procedures and mitigations of DNS abuse such as including enhanced security monitoring of secure credential registered domain names. The EWG believes that its recommended data protection principles, principles for accredited Privacy/Proxy providers, and Secured Protected Credential principles will facilitate the protection of personal data. Notably, with the Secured Protected Credential principles, it will be the first time of establishing procedures to safeguard vulnerable and disadvantaged groups.
9 7) Possible RDS Models The EWG considered several models for its recommended RDS 21, relying on the principles of data collection, storage, access, and protocol. Applying these principles, the EWG considered the following models, (1) the current WHOIS system, (2) a Federated model, (3) a Synchronized RDS model (also known as the Aggregated RDS model), (4) a Regional model, (5) an Opt-out model, and (6) a bypass model. Of the models considered, the EWG recommends the Synchronized RDS (SRDS) Model. This model would resolve the WHOIS concerns about reducing consumer confusion as to how and where one can access registration data. The SRDS is an RDS that would, in near real-time, copy data received from distributed storage areas operated by Registries and Validators into a synchronized system that would aggregated and store data in a distributed architecture operated by the RDS. RDS would be the authoritative data source and would provide authoritative access, moving beyond the current RAA requirement for Registrar and Registry timeliness of updates. All requests for gated data would have to be answered by querying the RDS. The EWG suggests that the RDS would provide access to the data but the data would not be stored in a single location, instead, data would be stored in multiple locations. Registries and Validators would store their own data but the RDS can use synchronized copies of that data to process access requests. 22 Via the EPP, data is pushed to the SRDS by Validators and Registrars/Registries. 23 The SRDS provides various benefits in terms of (1) security implications, (2) jurisdictional and privacy concerns, (3) accreditation, (4) operation, (5) implementation, and (6) costs. The SRDS addresses security implications by being better able to ensure consistent security implementation and policy enforcement. Using its synchronized model with distributed architecture managed by one operator would likely produce a more uniform approach to reaching the EWG s security goals. The SRDS also satisfies jurisdictional and privacy concerns by enabling a more consistent application of rules and local privacy requirements through the administration of rules by one entity as opposed to management by over a thousand participants under different models. In terms of accreditation, the SRDS offers features to track and enforce abusers. The SRDS also offers efficiencies in operational areas such as deploying a user friendly portal to display data in multiple languages and scripts consistently, and allowing random data quality 21 See Annex F, p141, for a detailed analysis of the criteria used by the EWG in considering the possible RDS models. 22 See p112 for an illustration of the workings of the SRDS. 23 See Annex I, p162-63, for a detailed description of the RDS flowcharts illustrating data flows
10 audits. Compared to other models, the SRDS would also be more cost efficient to implement. 24 8) Costs and Impacts The EWG also analyzed the costs and impacts of implementing the new RDS system. Although current WHOIS operating costs are unknown, the EWG is confident that the new RDS will reduce the hidden costs incurred with the current inefficient and often inaccurate WHOIS system. Accordingly, the EWG proposes the following cost principles: (1) providing free access to unauthenticated public data elements, (2) subjecting authenticated access by law enforcement to authorized data elements to special cost considerations, (3) striving for cost-efficiency and minimization with the RDS design, (4) operating the RDS on a cost-recovery model, (5) creating and funding an RDS software development platform by ICANN to facilitate migration from WHOIS, and (6) preventing the software development platform from unduly burdening other RDS users. As discussed in the Improving Accountability 25 section of the report, the EWG recommends performing a widely scoped risk assessment to ensure that the RDS principles recommended do result in the appropriate collection and disclosure of data for defined purposes. The EWG has already collected a survey from over 180 parties worldwide to garner information about the risks and benefits of a next generation WHOIS replacement system. 9) Conclusion and Next Steps In conclusion, the EWG recommends abandoning the current WHOIS model that gives every user the same anonymous public access to gtld registration data. The EWG instead recommends a new RDS to ensure greater accuracy, accountability, and transparency. The EWG acknowledges several other issues that need to be addressed in the future, such as (1) creating accreditation bodies and policies for identifying who qualifies as a member of an RDS user community, (2) creating extensions to support the new RDS model and data elements, (3) undertaking a full risk and impact assessment before implementing the new RDS, (4) drafting a basic ICANN privacy policy for the RDS, (5) examining how to apply new policies to the recommended RDS based on existing policies, and (6) creating an accreditation program for Validators. 24 See Annex F, pp150-53, for a detailed cost analysis for the different proposed models. 25 See pp40-68.
Expert Working Group on gtld Directory Services (EWG) Frequently Asked Questions (FAQs) 2014 Final Report Update
Origin and Purpose of the EWG Expert Working Group on gtld Directory Services (EWG) 1) What is the Expert Working Group (EWG)? 2) Who are the members of the EWG? 3) What is the EWG s objective? How does
More informationExploring Replacements for WHOIS A Next Generation Registration Directory Service (RDS)
Exploring Replacements for WHOIS A Next Generation Registration Directory Service (RDS) EWG Consultation with the ICANN Community Wednesday 20 November, 2013 Registration Directory Service (RDS) Session
More informationA Next Generation Registration Directory Service (RDS) Briefing by the Expert Working Group (EWG) on gtld Directory Services 13 July 2013
A Next Generation Registration Directory Service (RDS) Briefing by the Expert Working Group (EWG) on gtld Directory Services 13 July 2013 Mandate and Purpose + ICANN Board directives + Implement the WHOIS
More informationFinal Report from the Expert Working Group on gtld Directory Services: A Next-Generation Registration Directory Service (RDS)
Final Report from the Expert Working Group on gtld Directory Services: A Next-Generation Registration Directory Service (RDS) STATUS OF THIS DOCUMENT This is the final report from the Expert Working Group
More informationPURPOSE STATEMENT FOR THE COLLECTION AND PROCESSING OF WHOIS DATA
PURPOSE STATEMENT FOR THE COLLECTION AND PROCESSING OF WHOIS DATA The GDPR requires that the collection and processing of personal data be for specified, explicit and legitimate purposes. (Article 5(1)(b).
More informationInitial Report from the Expert Working Group on gtld Directory Services: A Next Generation Registration Directory Service
Initial Report from the Expert Working Group on gtld Directory Services: A Next Generation Registration Directory Service STATUS OF THIS DOCUMENT This is an initial report from the Expert Working Group
More informationWhois Study Table Updated 18 February 2009
Whois Study Table Updated 18 February 2009 This table is based on the chart included in the WHOIS Hypothesis Report of 26 August 2008, amended to show related or overlapping studies clustered into letter
More informationICANN GDPR Proposed Models Redaction Proposal EXECUTIVE SUMMARY:
EXECUTIVE SUMMARY: The ICANN Redaction Model is proposed as an interim solution while ICANN Org and the community develop a long-term replacement to WHOIS. If adopted, registries and registrars do not
More informationProposal for a model to address the General Data Protection Regulation (GDPR)
Proposal for a model to address the General Data Protection Regulation (GDPR) Introduction Please find the Executive Summary of the data model in Part A of this document. Part B responds to the requirements
More informationThis descriptive document is intended as the basis for creation of a functional specification for 2
Introduction & Overview This document provides a framework for the rapid implementation of a certification and access 1 model for non-public Whois data for legitimate and lawful purposes.this model specifically
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) & WHOIS at ICANN Savenaca Vocea APNIC 46, Noumea 11 September 2018 About the General Data Protection Regulation (GDPR) The European Union s (EU s) GDPR aims to
More informationIntroduction. Prepared by: ICANN Org Published on: 12 January 2018
Proposed Interim Models for Compliance with ICANN Agreements and Policies in Relation to the European Union s General Data Protection Regulation For Discussion Prepared by: ICANN Org Published on: 12 January
More informationDNS Abuse Handling. FIRST TC Noumea New Caledonia. Champika Wijayatunga Regional Security, Stability and Resiliency Engagement Manager Asia Pacific
DNS Abuse Handling FIRST TC Noumea New Caledonia Champika Wijayatunga Regional Security, Stability and Resiliency Engagement Manager Asia Pacific 10 September 2018 1 The Domain Name System (DNS) The root
More informationYes. [No Response] General Questions
General Questions Q1. Do you agree that the proposals to refine the WHOIS opt-out eligibility and to provide a framework for registrar privacy services meets the policy objectives set out in the consultation
More informationRegistry Internet Safety Group (RISG)
Registry Internet Safety Group (RISG) Re: Potential for Malicious Conduct and new TLD Process RISG s mission is to facilitate data exchange and promulgate best practices to address Internet identity theft,
More informationDraft Applicant Guidebook, v3
Draft Applicant Guidebook, v3 Module 5 Please note that this is a discussion draft only. Potential applicants should not rely on any of the proposed details of the new gtld program as the program remains
More informationProgress Report Negotiations on the Registrar Accreditation Agreement Status as of 1 March 2012
Progress Report Negotiations on the Registrar Accreditation NOTE: For the entirety of this Summary document, the are provided to give broader understanding of the status of the discussions. The section
More informationISSUE CHART FOR THE GNSO RAA REMAINING ISSUES PDP ON PRIVACY/PROXY SERVICES
ISSUE CHART FOR THE GNSO RAA REMAINING ISSUES PDP ON PRIVACY/PROXY SERVICES Issue Explanation/Prior Recommendation 1 Practices & Procedures 1.1 Standard Service Practices These should be clearly published,
More informationGDPR. The new landscape for enforcing and acquiring domains. You ve built your business and your brand. Now how do you secure and protect it?
General Data Protection Regulation The new landscape for enforcing and acquiring domains. You ve built your business and your brand. Now how do you secure and protect it? GDPR CONTENTS GDPR 01 Introduction
More informationSummary of Public Suggestions on Further Studies of WHOIS including the GAC recommendations of 16 April Updated 10 May 2008
Summary of Public Suggestions on Further Studies of WHOIS including the GAC recommendations of 16 April Updated 10 May 2008 Study submissions have been divided into eight recommended areas, as follows:
More informationApproved 10/15/2015. IDEF Baseline Functional Requirements v1.0
Approved 10/15/2015 IDEF Baseline Functional Requirements v1.0 IDESG.org IDENTITY ECOSYSTEM STEERING GROUP IDEF Baseline Functional Requirements v1.0 NOTES: (A) The Requirements language is presented in
More informationPrivacy and Proxy Service Provider Accreditation. ICANN58 Working Meeting 11 March 2017
Privacy and Proxy Service Provider Accreditation ICANN58 Working Meeting 11 March 2017 Agenda 13:45-15:00 15:00-15:15 15:15-16:45 Timeline Check; Policy Document Update; Third- Party Requests Break PSWG
More informationICANN Contractual Compliance Proforma DNS Infrastructure Abuse November 2018 Registry Audit Request For Information (RFI)*
ICANN Contractual Compliance Proforma DNS Infrastructure Abuse November 2018 Registry Audit Request For Information (RFI)* INSTRUCTIONS: If you have any questions, please email ICANN at complianceaudit@icann.org.
More informationWHOIS High-Level Technical Brief
WHOIS High-Level Technical Brief Background When the predecessor to the Internet (the ARPANet) was first being developed, it was quickly determined that there needed to be a contact list of the researchers
More informationen.pdf
Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data For Discussion 20 August 2018 Prepared by: ICANN organization A. Introduction...2 B. Brief Summary of the Framework
More informationAdvisory Statement: Temporary Specification for gtld Registration Data
Advisory Statement: Temporary Specification for gtld Registration Data Adopted on 17 May 2018 by ICANN Board Resolutions 2018.05.17.01 2018.05.17.09 On 17 May 2018, the ICANN Board of Directors (ICANN
More informationOnlineNIC PRIVACY Policy
OnlineNIC PRIVACY Policy ONLINENIC INC (ONLINENIC) TAKES YOUR PRIVACY SERIOUSLY. Our Privacy Policy is intended to describe to you how and what data we collect, and how and why we use your personal data.
More informationWHOIS Studies Update. Liz Gasster
WHOIS Studies Update Liz Gasster WHOIS Topics WHOIS Studies 4 studies: Misuse of public data Registrant Identification Proxy/Privacy Abuse Proxy/Privacy Relay and Reveal WHOIS Service Requirements Other
More informationINTELLECTUAL PROPERTY CONSTITUENCY COMMENTS ON PROPOSED INTERIM MODELS FOR ICANN COMPLIANCE WITH EU GENERAL DATA PROTECTION REGULATION
INTELLECTUAL PROPERTY CONSTITUENCY COMMENTS ON PROPOSED INTERIM MODELS FOR ICANN COMPLIANCE WITH EU GENERAL DATA PROTECTION REGULATION January 29, 2018 The Intellectual Property Constituency (IPC) of the
More informationUpdate on GNSOrequested. Studies. Liz Gasster Senior Policy Counselor ICANN. 14 March 2012
Update on GNSOrequested WHOIS Studies Liz Gasster Senior Policy Counselor ICANN 14 March 2012 1 gtld WHOIS Studies - Goals WHOIS policy debated for many years GNSO Council decided in October 2007 that
More informationThe Internet Big Bang: Implications for Financial Services Brand Owners
The Internet Big Bang: Implications for Financial Services Brand Owners Tony Onorato, Alexis Hunter September 12, 2013 Who We Are & What We Do Tony Onorato and Alexis Hunter are long-time commercial litigators
More informationWith this vital goal in mind, MarkMonitor believes that the optimal WHOIS model should have, at minimum, these five important characteristics:
MARKMONITOR COMMENT ON THE COMMUNITY S, AND ICANN S, PROPOSED INTERIM MODELS FOR WHOIS COMPLIANCE UNDER THE EUROPEAN GENERAL DATA PROTECTION REGULATION (GDPR) Introduction MarkMonitor, part of Clarivate
More informationRegistrar Session ICANN Contractual Compliance
1 Registrar Session ICANN Contractual Compliance ICANN 60 01 November 2017 2 Agenda Brief Update Since ICANN 58 Registrar Compliance Update Performance Measurement & Reporting Update Contractual Compliance
More informationFast Flux Hosting Final Report. GNSO Council Meeting 13 August 2009
Fast Flux Hosting Final Report GNSO Council Meeting 13 August 2009 1 January 2008: SAC 025 Fast Flux Hosting and DNS Characterizes Fast Flux (FF) as an evasion technique that enables cybercriminals to
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationProposed Interim Model for GDPR Compliance-- Summary Description
Proposed Interim Model for GDPR Compliance-- Summary Description (The Calzone Model, 28 February 2018) Prepared by: ICANN Org I. Introduction The Proposed Interim Model balances competing elements of models
More informationContractual Compliance. Text. IPC Meeting. Tuesday, 24 June 2014 #ICANN50
Contractual Compliance IPC Meeting Tuesday, 24 June 2014 Contractual Compliance Update Since ICANN 49 Ongoing efforts and alignment on 2013 RAA and the new Registry Agreement Launched a quality process
More informationma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018
ma recycle.com Rely and Comply... GDPR Privacy Policy Policy Date: 24 May 2018 Max Recycle Hawthorne House Blackthorn Way Sedgeletch Industrial Estate Fencehouses Tyne & Wear DH4 6JN T: 0845 026 0026 F:
More informationPart 1: Items that Contracted Parties Need from ICANN before May 25 - Prior to Implementation
Contracted Parties House GDPR Discussion Group Input to ICANN on Implementation Timeline for Interim GDPR Compliance Model March 26, 2018 Introduction In response to ICANN Staff s request during ICANN
More informationFinal Outcomes Report of the WHOIS Working Group 2007
Final Outcomes Report of the WHOIS Working Group 2007 STATUS OF THIS DOCUMENT This is the FINAL Version (sequentially v1.9) of the Outcomes Report of the WHOIS Working Group. Page 1 of 89 TABLE OF CONTENTS
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationReview of Law Applicable to the Transition of Data from a Thin to Thick. In March 2014, the ICANN Board adopted GNSO consensus policy
To: From: Thick Whois Implementation Review Team ICANN Staff Date: 8 June 2015 Re: Review of Law Applicable to the Transition of Data from a Thin to Thick Whois Model I. EXECTUVE SUMMARY In March 2014,
More informationBIOEVENTS PRIVACY POLICY
BIOEVENTS PRIVACY POLICY At Bioevents, your privacy is important. Below you will find our privacy policy, which covers all personally identifiable data shared through Bioevents websites. Our privacy policy
More informationSummary of feedback on the proposed changes to.uk policy arising from GDPR
Summary of feedback on the proposed changes to.uk policy arising from GDPR Comments received between 1 st March 2018 and 4 th April 2018 Introduction The EU General Data Protection Regulation (GDPR) was
More informationTopic LE /GAC position Registrar Position Agreement in Principle 1. Privacy and Proxy services
Topic LE /GAC position Registrar Position Agreement in Principle 1. Privacy and Proxy services 2. Prohibition of Certain Illegal, Criminal or Malicious Conduct In the event ICANN establishes an accreditation
More informationRegistry Vulnerabilities An Overview
Registry Vulnerabilities An Overview Edward Lewis ed.lewis@neustar.biz ccnso Tech Day @ ICANN 46 April 8, 2013 1 Goal of the Presentation» High-level overview of where security matters» Reduce the chances
More informationNext-Generation gtld Registration Directory Service (RDS) to replace WHOIS ICANN57 F2F Meeting Slides
Next-Generation gtld Registration Directory Service (RDS) to replace WHOIS ICANN57 F2F Meeting Slides RDP PDP WG ICANN58 11 March 2017 Agenda 1 2 3 Introductions & SOI Updates PDP Work Plan, Progress,
More informationDRAFT: gtld Registration Dataflow Matrix and Information
DRAFT: gtld Registration Dataflow Matrix and Information Summary of Input Received From Contracted Parties and Interested Stakeholders. Version 2 6 November 2017 ICANN DRAFT: gtld Registration Dataflow
More informationGAC PRINCIPLES REGARDING gtld WHOIS SERVICES. Presented by the Governmental Advisory Committee March 28, 2007
GAC PRINCIPLES REGARDING gtld WHOIS SERVICES Presented by the Governmental Advisory Committee March 28, 2007 1.1 The purpose of this document is to identify a set of general public policy issues and to
More informationYes. [No Response] General Questions
General Questions Q1. Do you agree that the proposals to refine the WHOIS opt-out eligibility and to provide a framework for registrar privacy services meets the policy objectives set out in the consultation
More informationThe IDN Variant TLD Program: Updated Program Plan 23 August 2012
The IDN Variant TLD Program: Updated Program Plan 23 August 2012 Table of Contents Project Background... 2 The IDN Variant TLD Program... 2 Revised Program Plan, Projects and Timeline:... 3 Communication
More informationInternet Corporation for Assigned Names and Numbers ( ICANN )
Internet Corporation for Assigned Names and Numbers ( ICANN ) A Model for a High Security Zone Verification Program Draft Version 1.0 ICANN Internet Corporation for Assigned Names and Numbers Security
More informationLaw Enforcement Recommended RAA Amendments and ICANN Due Diligence Detailed Version
Date: 18 October 2010 Law Enforcement Recommended RAA Amendments and ICANN Due Diligence Detailed Version Introduction: Below are: 1) suggested amendments to the RAA and; 2) due diligence recommendations
More informationWHOIS Accuracy Study Findings, Public Comments, and Discussion
I C A I NC N A N M N E ME ET EI NT G I N NG O N. o. 3 83 8 2 0 -- 2 55 JJ uu nn e E 2 20 01 10 0 WHOIS Accuracy Study Findings, Public Comments, and Discussion 23 June 2010 David Giza, ICANN Jenny Kelly,
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationStrasbourg, 21 December / décembre 2017
Strasbourg, 21 December / décembre 2017 T-PD(2017)20Rev CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA COMITÉ CONSULTATIF
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationWithin the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):
Privacy Policy Introduction Ikano S.A. ( Ikano ) respects your privacy and is committed to protect your Personal Data by being compliant with this privacy policy ( Policy ). In addition to Ikano, this
More informationConference for Food Protection. Standards for Accreditation of Food Protection Manager Certification Programs. Frequently Asked Questions
Conference for Food Protection Standards for Accreditation of Food Protection Manager Certification Programs Frequently Asked Questions Q. What was the primary purpose for the Conference for Food Protection
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationFederated Authentication for RDAP ICANN-54 Tech Day
Federated Authentication for RDAP ICANN-54 Tech Day Scott Hollenbeck, Senior Director shollenbeck@verisign.com October 19, 2015 RDAP? What about WHOIS? WHOIS first documented in RFC 812 from 1982! Predates
More informationStartup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ):
Privacy Policy Startup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ): visit any websites or mobile sites offered by Startup
More informationITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles
ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability Session 2: Conformity Assessment Principles 12-16 October 2015 Beijing, China Keith Mainwaring ITU Expert Agenda 1. Context
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationUnderstanding RDAP and the Role it can Play in RDDS Policy. ICANN October 2018
1 Understanding RDAP and the Role it can Play in RDDS Policy ICANN 63 22 October 2018 2 Agenda Introduction RDAP Implementation Status in gtlds RDAP: Mechanism and Policy Authentication and RDAP Registrar
More informationPOMONA EUROPE ADVISORS LIMITED
POMONA EUROPE ADVISORS LIMITED Personal Information Notice Pomona Europe Advisors Limited (Pomona, we/us/our) wants you to be familiar with how we collect, use and disclose personal information. This Personal
More informationEDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017
This Privacy Policy (this Privacy Policy ) applies to Edenred Commuter Benefits Solutions, LLC, (the Company ) online interface (i.e., website or mobile application) and any Edenred Commuter Benefit Solutions,
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationExplanation of Data Element Data Element Potentially Legitimate purposes for Collection/Retention
Data Element Data Element Potentially Legitimate purposes for Collection/Retention 1.1.1. First and last name or full legal name of Registrant 1.1.2. First and last name or, in the event Registrant is
More informationRDAP Implementation. Francisco Arias & Gustavo Lozano 21 October 2015
RDAP Implementation Francisco Arias & Gustavo Lozano 21 October 2015 Agenda 1 2 3 History of Replacing WHOIS protocol gtld RDAP Profile RDAP Profile Details 4 5 Open Issues gtld RDAP Profile Conclusion
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationWHOIS Review Team Internationalized Registration Data Expert Working Group. Margie Milam ICANN October 2015
WHOIS Review Team Internationalized Registration Data Expert Working Group Margie Milam ICANN 54 18 October 2015 Agenda Welcome Margie Milam, ICANN Final Report from the Expert Working Group on Internationalized
More informationG8 Lyon-Roma Group High Tech Crime Subgroup
G8 Lyon-Roma Group High Tech Crime Subgroup In October 2009, a series of recommendations for amendments to ICANN s Registrar Accreditation Agreement (RAA) was proposed to ICANN by law enforcement agencies
More informationTemporary Specification for gtld Registration Data
Temporary Specification for gtld Registration Data Adopted on 17 May 2018 by ICANN Board Resolutions 2018.05.17.01 2018.05.17.09 The General Data Protection Regulation (GDPR) was adopted by the European
More information.LATROBE TLD REGISTRATION POLICY
Mailing address La Trobe University Victoria 3086 Australia T + 61 3 9479 1111 latrobe.edu.au MELBOURNE CAMPUSES Bundoora Collins Street CBD Franklin Street CBD.LATROBE TLD REGISTRATION POLICY REGIONAL
More informationDraft Applicant Guidebook, v4
Draft Applicant Guidebook, v4 Module 5 Please note that this is a discussion draft only. Potential applicants should not rely on any of the proposed details of the new gtld program as the program remains
More informationIntroduction To the ICANN Community, Privacy Regulators, Governments and Concerned Parties:
Introduction To the ICANN Community, Privacy Regulators, Governments and Concerned Parties: On May 25, 2018, the General Data Protection Regulation (GDPR) will come into effect. In advance of that date,
More informationCD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY
CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY PRIVACY POLICY This Privacy Policy will be effective as of May 23, 2018 for all new users and users in EU and EEA member countries. For all other users,
More informationImproving WHOIS- An Update. 20 November, 2013
Improving WHOIS- An Update 20 November, 2013 Agenda 1. Introduction 2. Demo of the WHOIS Website 3. IETF Update 4. New Registrar Obligations 5. Contractual Compliance Update 6. Policy Update 7. Internationalized
More information10007/16 MP/mj 1 DG D 2B
Council of the European Union Brussels, 9 June 2016 (OR. en) 10007/16 OUTCOME OF PROCEEDINGS From: On: 9 June 2016 To: General Secretariat of the Council Delegations No. prev. doc.: 9579/16 + COR 1 Subject:
More informationFinal Report on the Privacy & Proxy Services Accreditation Issues Policy Development Process
Final Report on the Privacy & Proxy Services Accreditation Issues Policy STATUS OF THIS DOCUMENT This is the, prepared by ICANN staff and the Working Group for submission to the GNSO Council on 7 December.
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationDISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018
DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018 Introduction This disclosure on the processing of personal data (hereinafter, the "Disclosure") is provided pursuant to Art.
More informationAttachment 3..Brand TLD Designation Application
Attachment 3.Brand TLD Designation Application Internet Corporation for Assigned Names and Numbers ( ICANN ) 12025 Waterfront Drive, Suite 300 Los Angeles, California 90094 Attention: New gtld Program
More informationUpdate on Whois Studies
Update on Whois Studies 1 1 Current Status Final GNSO-commissioned Whois studies now completed, awaiting public comment Whois Privacy & Proxy Abuse Study Performed by National Physical Laboratory, UK Public
More informationProposed Final Report on the Post-Expiration Domain Name Recovery Policy Development Process Executive Summary
Proposed Final Report on the Post-Expiration Domain Name Recovery Policy Development Process STATUS OF THIS DOCUMENT This is the of the Proposed Final Report on the Post-Expiration Domain Name Recovery
More informationICANN and Russia. Dr. Paul Twomey President and CEO. 10 June International Economic Forum St. Petersburg, Russia
ICANN and Russia Dr. Paul Twomey President and CEO 10 June 2007 1 ICANN s mission To coordinate, overall, the global Internet's system of unique identifiers, and to ensure stable and secure operation of
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationWHOIS Access and the EU General Data Protection Regulation. Part 2
WHOIS Access and the EU General Data Protection Regulation Part 2 Panelists Brian Winterfeldt Winterfeldt IP Group IPC President (Co-Moderator) Steve DelBianco NetChoice BC Vice Chair for Policy (Co-Moderator)
More informationCHAPTER 19 DIGITAL TRADE. a covered investment as defined in 1.4 (General Definitions);
CHAPTER 19 DIGITAL TRADE Article 19.1: Definitions For the purposes of this Chapter: algorithm means a defined sequence of steps, taken to solve a problem or obtain a result; computing facility means a
More informationPRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.
PRIVACY STATEMENT +41 (0) 225349799 www.energymarketprice.com Rue du Rhone 5 1921, Martigny, Switzerland dpo@energymarketprice.com Introduction Your privacy and trust are important to us and this Privacy
More informationManaging Jurisdictional Risks for Public Cloud Services
Managing Jurisdictional Risks for Public Cloud Services Version 1.0 July 2017 1 Contents Executive summary 3 Definitions 4 Assessing jurisdictional risk 5 Commonly-used jurisdictions 8 2 Executive summary
More informationProposed Temporary Specification for gtld Registration Data WORKING DRAFT
Proposed Temporary Specification for gtld Registration Data WORKING DRAFT (As of 11 May 2018) Prepared by: ICANN organization The General Data Protection Regulation (GDPR) was adopted by the European Union
More informationThe registration of Domain Names will be centralized and managed through all DOT accredited Registrars selected by the Registry.
DOT TLD REGISTRATION POLICY 1. ELIGIBILITY DOT is a closed, restricted Top Level Domain ( TLD ). Only DISH DBS Corporation and its Affiliates are eligible to register a Domain Name under the DOT TLD. If
More informationEffective October 31, Privacy Policy
Privacy Policy The nic.gop website is operated by Republican State Leadership Committee, Inc. ( Team.gop, we or us ). This Privacy Policy applies to nic.gop and any other website offered by Team.gop, which
More informationExecutive Order 13556
Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program
More informationReport of Public Comments
Report of Public Comments Next-Generation gtld Registration Directory Services to Replace WHOIS Preliminary Issue Title: Report Publication Date: 7 October 2015 Prepared By: Marika Konings Comment Period:
More informationMASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY
Effective Date: 12 September 2017 MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY Mastercard respects your privacy. This Privacy Policy describes how we process personal data, the types of personal
More informationRowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement
Rowing Canada Aviron Online Registration System - Protection of Personal Privacy Policy Statement Rowing Canada Aviron (RCA) has developed this Privacy Policy to describe the way that RCA collects, uses,
More information