Margie Milam, Senior Director 27 March 2014 Privacy/Proxy Accreditation Survey Results.

Slides:

Advertisements

Similar presentations

© 2003 Public Interest Registry Whois Workshop Registrant/User Classification & Current Practices Panel Presented by Bruce W. Beckwith VP, Operations October.

Advertisements

The use of Trademarks on the Internet: Problems and solutions Trademark owners perspective Marques cyberspace team September 2012.

Acceptable Use of Computer and Network Resources Jim Conroy Acting Director, Academic Computing Services September 9, 2013.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

© 2003 Public Interest Registry Whois Workshop Introduction to Registry/Registrar Issues Presented by Bruce W. Beckwith VP, Operations June 23, 2003 Serving.

Margie Milam Senior Policy Counselor ICANN 1 ( All views expressed are my own)

Registrar experiences with WHOIS Bruce Tonkin Melbourne IT Ltd.

Ron DeJuliis, Commissioner of Labor and Industry Rob McGeeney, Program Manager Larry Kreseski, Chief inspector Department of Labor, Licensing, and Regulation.

Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.

Hong Kong Privacy Code on Human Resource Management

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Licensing & Regulation Division Senior Sergeant Brett Kahan Presentation to the Association of Investigators & Security Professionals.

INTERNET and CODE OF CONDUCT

Per Anders Eriksson

1 Exemption AdministrationTraining Related to Accepting Certificates Prepared by the Streamlined Sales Tax Governing Board Audit Committee Prepared January.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Implementation Recommendation Team (IRT) Proposal Comments Sue Todd, Director, Product Management Monday 11 May 2009, San Francisco.

Text #ICANN51. Text #ICANN51 15 October 2014 At-large policy round table Holly Raiche Panel 1: Privacy and Proxy 1000 – 1045 Hrs.

Federalwide Assurance Presentation for IRB Members.

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,

1. What is the DMCA? Digital Millennium Copyright Act. Signed into law in Provides the legal framework for copyright holders to claim copyright.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Final Report on Improvements to the RAA Steve Metalitz 5 December 2010.

Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.

David Giza, Stacy Burnette & Pam Little Contractual Compliance Team October 2009 Registrar Stakeholder Group Constituency Meeting.

Internet regulation National limits of Internet Content.

CcTLD/ICANN Contract for Services (Draft Agreements) A Comparison.

Canada’s Anti Spam Legislation. What is CASL? CASL was intended to combat negative online behaviour  spam  phishing  malware  spyware  It will create.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Use of U.T. Austin Property Computers: Security & Acceptable Use The University of Texas at Austin General Compliance Training Program.

About the Clemson-USC Data Center Sharing Service Agreement Winter 2010 Common Solutions Group Asbed Bedrossian USC.

Jenkins Independent Schools NETWORK STAFF USER CONTRACT Acceptable Use Policy 2007 – 2008.

Anti-Spam update Unsolicited Electronic Messages Bill and ISP Spam Code of Practice 2 February 2006 Keith Davidson Executive Director.

2006 SISO Executive Conference Legal Issues in Using Mailing Lists: The CAN-SPAM ACT The Junk Fax Prevention Act The National Do Not Call Registry.

Data Protection Act AS Module Heathcote Ch. 12.

Global Name Registry Proposal to Modify Appendix O: WHOIS Data Access.

FIRMA April 2010 SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

Contractual Compliance Registrar Stakeholder Group Constituency Pam Little 9 March 2010.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Proposals for Improvements to the RAA June 22, 2010.

IM NETWORK MEETING 20 TH JULY, 2010 CONSULTATION WITH 3 RD PARTIES.

Supervision SICOR Securities, Inc.. Why? NASD 3110 requires the firm to “…establish and maintain a system to supervise the activities of each registered.

Implementation of the.eu Top Level Domain Marko Bonač Arnes.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

Governmental Advisory Committee Public Safety Working Group 1.

Terms of Service Agreements What does the fine print really contain?

Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

Privacy Information for Advisors. Agenda PIPEDA Advisor Required Privacy Program Our MGA Privacy Program Recommendations for Advisors.

Membership closure management Vivek Nigam

Investigations: Strategies and Recommendations (Hints and Tips) Leah Lane, CFE Director, Global Investigations, Texas Instruments, Inc.

Data protection—training materials [Name and details of speaker]

Open Meetings Open Records and Ethics Training Member Training.

Civil Rights Training Updated March Why? Civil Rights Regulations are intended to assure that benefits of Child Nutrition Programs are made available.

Complaint Handling What is a complaint ‘ Any expression of dissatisfaction, whether oral or written, and whether justified or not, from or on behalf.

From Facebook to Mugshots Facebook/MySpace EDD: Legal, social & ethical issues in use of modern personal posting technologies in law enforcement and academic.

[ Direct marketing – an introduction to data protection and privacy] For [insert name of organisation] presented by [insert name of presenter] on [date]

CANADA’S ANTI-SPAM LEGISLATION (CASL)

Prepared by Kris Twomey Law Office of Kristopher E. Twomey, P.C.

Privacy principles Individual written policies

Amber Process Guide: Death Claim Process Financial Adviser Guide.

Update on ICANN Domain Name Registrant Work

Data Protection Legislation

Red Flags Rule An Introduction County College of Morris

G.D.P.R General Data Protection Regulations

Government Data Practices & Open Meeting Law Overview

Government Data Practices & Open Meeting Law Overview

SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

Presentation transcript:

Margie Milam, Senior Director 27 March 2014 Privacy/Proxy Accreditation Survey Results

Summary of Responders 58 Respondents, 11 detailed

7 published customer contact information online, but only 2 included phone number Other Responses: Contacts were not published because they varied by TLD and customer P/P Provider contact information constantly changes and is not posted on the website for that reason P/P Service Contracts and Customer Support

Protecting Customer Contact Details

2 providers: P/P abuse reported like any other abuse compliant Others described specific practices: –Report abuse to –Complaints are monitored, escalated and handled according to internal policies –For substantiated complaints, Provider reveals the identity of the registrant to the complainant or cancels the service –Provider requests any evidence of the illegal use of the domain name to assist in investigation –For malicious abuse (e.g., phishing, malware) complaints, provide independently investigates and verifies the allegations made –One provider will take action if the provider is also hosting the content Complaint Handling

Abuse Processes Is automated processing used to handle abuse inquiries or reveal requests?

3 followed standard UDRP Procedures Several providers immediately deactivate the service and inform the UDRP provider of the underlying registrant Domain is immediately deleted in order to avoid any negative publicity UDRP or URS Procedures

4 responders- automated forwarding 3 responders -case-by-case relay process –Important communications forwarded – s filtered for spam 1 responder- no correspondence relayed 1 responder – online form used to contact customers Postal Mail: 1 responder opens all postal mail –Destroys junk mail –Uses reasonable commercial efforts to scan & forward all reasonably sized postal mail Telephone: –If a telephone call is received, the caller will be informed about how to contact the administrative contact Relaying Customer Correspondence

Relay Processes Is automated or manual processing used to relay correspondence to P/P Customers?

Phone or by to Provider Through member’s console, through which the customer can active or deactivate the service at will Dedicated account manager, accessible by phone/ /mail Customer service is available by phone, , and Live Chat "contact us", "contact owner " and "report abuse" online forms which goes straight through to support team Customer Support provided directly by the Sponsoring Registrar of the domain name Offers online support community to assist with all its products, including My Private Registration. This community is available via the URL Customer Support Services Sample responses:

No responses –In cases where s automatically forwarded –As client entitled to privacy, no procedures to forward Notifying customers –Advise them of risk of not responding, and potential loss of domain name Responding & forwarding to client –In case where trademark holders are clients Responding to Correspondence

3 registrars RAA requirements 2 providers (also registrars) did not validate customer contact details One relied on existing trust relationships instead of validation Validating Customer Contact Details

2 with no requirements, except normal t&c’s 4 -specific conditions of purchase, such as: –Maintaining accurate contact data, which is escrowed –Responsibility for infringement –Provider may take all necessary actions to avoid legal or financial liability –Provider may at any time suspend, disable without liability –Provider may reveal registrant and contact Whois information for any reason –Suspension or termination of the service result in the immediate disclosure of the registrant’s information in WHOIS and to third party claimants – Notification 24 hours before the service is disabled Conditions of Service

2 with no requirements, except normal t&c’s WHOIS Data Reminder Policy Update contact data on request- 3 business days Response requirement on request- 72 hours Revalidation process as required by 2013 RAA Requirements to Retain Service

forward: generally seconds Telephone Fax: same day Postal Mail Scan: 2-5 days Abuse Responses: 72 hours Complaint Forwarding: 2- 7 days Some, no SLA Response Processing Times

No correspondence is accepted, replied to or forwarded All queries are passed on regardless of nature All forwarded communications are forwarded "as is." May also require: –Takedown of offending content –Publication of contact details for commercial services that are permitted LE requests treated the same as other requests Some LE requests forwarded to legal Dept Handling of Inquiries

2 providers- no different than other domain name transfer, renewal or suspension Client issued a separate notice indicating expiry Service automatically renewed along with domain name Registrar transfers only if the privacy function is removed prior to transfer request Registrant transfer ok upon new owner request & new contract For obvious infringement, will suspend the domain name, contact the owner and ask him to take the appropriate action with 5 days and confirm it to us. Transfer, Renewal, and Suspension Procedures

Obvious illegal use Determination of whether an alleged breach of law or regulation has occurred Breach of the terms of use Non-payment of fees Failure to update the content made available under the domain name upon request UDRP action Legal/administrative action at competent court or by competent administrative body Compliance with applicable laws or regulations Valid legal service of process Reasons for Termination

Engaging in prohibited conduct Breach of Registration Agreement Anything which jeopardizes the operation of the Service Technical failure, modification or maintenance On 30 days written notice Service used to conceal illegal, illicit, objectionable or harmful activities Spam, viruses, worms or other harmful computer programs Notice of a claim or complaint including UDRP To avoid legal liability and/or financial loss Use of the domain name for commercial purposes Reasons For Termination

Obvious illegal use On receipt of a valid, verifiable and locally issued court order, complies with [national] legislation and provides legitimate Law Enforcement agencies with the real data In the event that a direct relative of the registrant requests this information, the Customer’s identity is revealed to the relative Legal claim or UDRP Compliance with a registry request Infringement upon the legal rights of a third party, or any third-party trademark or trade name Reasons to Reveal/Publish Customer Contacts

Escrow, Logging and Automation

Logging of Requests Is information related to relayed correspondence, reveal requests, and subsequent actions logged or otherwise retained? If yes, would this information ever be shared with a third party?

Questions? Your Logo

Thank You! Your Logo