PERSON objects in the RIPE Database

Slides:

Advertisements

Similar presentations

Update about the “SHOULDs Analysing Project” in RIPE Policy Documents “Should” we use the RFC 2119 Defined Language in RIPE Policy Documents? Jan Žorž,

Advertisements

Program Management Portal: Overview for the Client

Supply Chain ID & Participant ID Royal Mail Mailmark®

© and The Internet Copyright Law applies to materials found on the internet to the same extent it applies to materials in traditional formats.

Social Media Networking Sites Charlotte Jenkins Designing the Social Web

This is the first page of the log in, this is were you enter your unique details.

“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.

Data Protection Act. Lesson Objectives To understand the data protection act.

HIPAA Privacy & Security EVMS Health Services 2004 Training.

Unit 12 Additional Evidence Nihal. 1.1 I can describe what types of information are needed. Business card Business cards are important because they show.

Florida Information Protection Act of 2014 (FIPA).

18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.

Client/User Analysis Website Design. 2 Questions to be answered: What is the purpose of the site? What is the purpose of the site? Who is the site for?

Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.

Instant Messaging Goes to Work Barb Page Masters in Business Communications Final Project May 2003.

Guideline 1 Recordkeeping Capacity Checklist Brisbane August 2012.

© 2006 University of Kansas An LSID resolver for specimens and a digression into issues raised by the use of GUIDs Steve Perry

PestPac Software. Multi Unit & Portal Training The Multi Unit module allows users the flexibility to handle larger properties, such as Apartment Complexes.

Registration Services Feedback Andrea Cima RIPE NCC RIPE 67 - Athens.

APNIC abuse procedures Network abuse BOF. Types of abuse reported Spam Hacking Viruses Identity/credit card fraud Threats and stalking.

CSCI 6962: Server-side Design and Programming Shopping Carts and Databases.

Abuse-c update Denis Walker Business Analyst RIPE NCC Database Team.

Data protection act. During the second half of the 20th century, businesses, organisations and the government began using computers to store information.

OSHA’S NEW RECORD KEEPING RULE What we need to know about submitting record keeping data This PowerPoint may be freely presented and distributed by individuals,

Selecting what to keep and what to bin

Software Project Configuration Management

Data Protection GCSE ICT Mrs N Steventon-2005.

OGF PGI – EDGI Security Use Case and Requirements

The Work Place Report 16 June 2017

How to Implement an IG Manufacturing Quality Procedure System

General Data Protection Regulation (GDPR

Rocketmail RocketMail RocketMail is the fast and clean . RocketMail is a kind of free webmail services RocketMail is a product of Four11 corporation.

Creating a Social Media Policy

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

ERO Portal Overview & CFR Tool Training

Thesis writing Session 2017

General overview GDPR entry in force: 25 May 2018

ROCKETMAIL PASSWORD RECOVERY NUMBER

Microsoft is one of the biggest corporations in the United States and as such, it is very common to find that it has a customer support number which serves.

Why Do We Require Company Law?

The Advantages of Database

How To Recover Your Account If You Forget Your Gmail Password.

Data Protection and GDPR

AFRINIC Services Update

File Stream and Team Drives

GDPR General Data Protection Regulation EU: Coming May 25, 2018

G.D.P.R General Data Protection Regulations

General Data Protection Regulations

An Introduction to Software Engineering

BCG Account Management

Information management and communication

Senior Design room scheduling calendar

PAST POSSIBILITY.

 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:

The General Data Protection Regulation Six months on – What’s changed

GDPR, PCS UG 15th May 2018, Vienna.

How to upgrade your RSFORM!PRO forms for GDPR compliance

IPv4 space advances from brokers – what you need to know

Work Orders I will be reviewing Work Orders and addressing some problematic issues.

Identify the laws and guidelines that affect day-to-day use of IT.

Data Protection What can I do? GDPR Principles General Data Protection

Legal and Compliance EMEA Channel Citrix Partner Accelerator

User Profile Management

Status Report on Policy Implementation at the APNIC Secretariat

Property Control Asset Forms

Presented by: Steve Gerdes 26 January 2019

Privacy Principles Melinda Clarke.

Why do we need to keep records

Getting Ready For GDPR Simon Marks Director

Presentation transcript:

PERSON objects in the RIPE Database 1

The Issue There are 2+ million referenced PERSON objects, with 8+ million total objects 23% of RIPE Database is personal data There are also about 104k ROLE objects, some may contain personal data

Justification for storing personal data T&C define one purpose of Database as facilitating contact for operational issues Address policies require contact details for resource holders and some end users of public address space Address policies acknowledge privacy concerns

Who are these people? About 1.5m have a single reference from INET(6)NUM objects these may be tech contacts or could be customers with assigned address space Half a million have same name/phone, probably duplicates

Creation There has been a steady creation rate for about 15 years

Email addresses There are about 100k unique email addresses in various notification attributes These may also be a mix of personal and corporate data

Is there a problem? From the analysis I’ve done so far it is not possible to identify how much of this personal data can be justified Maybe 90% is justified, or perhaps only 20% With general EU privacy laws and GDPR in particular, does this give (someone?) a legal problem? Who is accountable for this personal data being in the database? If the justification for this data being in the database is questioned, who will take the responsibility for answering that question?

What is a contact? Original Database design intended PERSON objects to be mainly referenced from ROLE objects, all other objects to reference the ROLE objects This wasn't enforced by the software Historically most users ignored ROLE objects in favour of PERSON objects MNTNER objects cannot be created without a PERSON object No where is it documented that PERSON objects should contain business data

What is a contact? "abuse-c" was specifically designed to enforce the use of ROLE objects ROLE objects no longer need to reference PERSON objects Why can't most contacts be roles? Should the software (finally) enforce that? What information is needed from a contact? Can we justify storing personal data for a contact if no personal data is needed?

Distribution How are these 2m PERSON objects linked to organisations? No apologies for the dryness of these numbers They need to be seen as they are quite surprising

Organisations with 100k+ PERSON objects 3 Telekom companies totaling 856k Top organisation has 613k PERSON objects 5 x what next 2 organisations have 10 x what most other Telekom organisations have Why?

Organisations with 5k to 50k PERSON objects After the top 3 there is a drop to around 50k 43 organisations totalling 704k PERSON objects

Who are these organisations? Summarising the organisations with 5k+: 46 organisations 35 telekom 7 service providers 4 others Totalling 1.56m PERSON objects 110 organisations between 1k and 5k, totalling 230k PERSON objects Everyone else totalling 233k PERSON objects

What next? We still don't know if these people are contacts We still don't know if these PERSON objects contain personal or business data Contact details not changed in 20 years (address, fax-no?)