/
Subgroup 5 – Safeguarding Registrant Data

Subgroup 5 – Safeguarding Registrant Data

Owned by Alice Jansen
Last updated: Mar 02, 2025 by Aleksey KhapchenkoVersion comment
(green star)Objective

Consistent with ICANN’s mission and Bylaws, Section 4.6(e)(ii), the review team will assess the extent to which the implementation of today’s WHOIS (the current gTLD RDS) safeguards registrant data by (a) identifying the lifecycle of registrant data, (b) determining if/how data is safeguarded in each phase of that lifecycle, (c) identifying high-priority gaps (if any) in safeguarding registrant data, and (d) recommending specific measureable steps (if any) the team believes are important to fill gaps. 

Background Documents

Further background documents may be found on the Review Team's overall Background Materials page.


(blue star) Leader/Rapporteur: Alan Greenberg

(blue star)Members: Alan Greenberg, Dmitry Belyavsky, Stephanie Perrin, Volker Greimann

(blue star)Mailing-list archives:  http://mm.icann.org/pipermail/rds-whois2-safeguard/

(blue star)Conference calls

(blue star)Review Team Templates: see here


Subgroup Documents

Date

Document (Versions in Red are latest)

File

Subgroup report

 

v9DOCX

 

v8DOCX

 

v7 (incl. FtoF #3 Agreements)DOCX

 

v6DOCX

 

v5DOCX

 

v4DOCX

 

v3DOCX

 

v2DOCX

 

v1DOCX
Face-to-Face Mtg #2 Slides - Findings

 

v2

PPTX

 

v1PPTX
Work plan (as per Alan's email)

 

v1EMAIL
Planning questions

 

v2PPTX

 

v1PPT
First Pass Document

 

v4DOCX

 

v3DOCX

 

v2

DOCX

 

v1DOCX

Open Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress Notes

Completed Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress NotesCompleted ResponseCompletion Date
10#37

 

Modify language to specify that level of data breach should be the subject of discussion with data security expert(s)

Alan

 


DOCX

 

9FtoF #3

 

Update Rec SG.1 to reflect agreements reached.Alan

 


DOCX

 

8#35

 

Subgroup 5 | Safeguarding Registrant Data - Alan to update the draft recommendation text that appears in brackets [ICANN should similarly consider whether contractual requirement are needed to require registrars, registries and escrow provides to notify registrants in the event of data breaches.] regarding breach notification to serve as the basis for discussion at the face-to-face meeting #3.Alan



7Email

Contract signed with escrow providers so that we may understand what processes, constraints or rules escrow providers are subject to regarding safeguarding data while under their custody and in relation to any data breaches that may be discovered. If the contracts are all substantially identical, then the standard boiler-plate contract will be sufficient. ICANN org

Email

 

6#27

 

Subgroup members to send a quick status update to the review teamSubgroup

Plenary Call #28

 

5#26

 

Alan to confirm revisions made RT agreements. Alan

Email

 

4#26

 

Stephanie to provide draft formulation to AlanStephanie

Report

 

3#26

 

Alan to refine question number 3.Alan

Report

 

2#26

 

Questions for ICANN org :

○       What are contractual requirements to secure stored escrow data

○       What are contractual requirements to notify ICANN in the event of breach

○       How do you secure registrant data under your control?

ICANN org

Email

 

1#25

 

Alan plans to share his first draft of subgroup draft report with the subgroup/RT for review in parallel by the end of the weekend.Alan

Email

 

Decisions Reached

Source of requestDateDecision
FtoF #3

 

Update findings but retain recommendation for review by data security experts. Do not include a recommendation regarding registrant notification.