Presentation is loading. Please wait.

Presentation is loading. Please wait.

PERSON objects in the RIPE Database

Published byEmerald Annabella Wood Modified over 5 years ago

Similar presentations

Presentation on theme: "PERSON objects in the RIPE Database"— Presentation transcript:

1 PERSON objects in the RIPE Database
1

2 The Issue There are 2+ million referenced PERSON objects, with 8+ million total objects 23% of RIPE Database is personal data There are also about 104k ROLE objects, some may contain personal data

3 Justification for storing personal data
T&C define one purpose of Database as facilitating contact for operational issues Address policies require contact details for resource holders and some end users of public address space Address policies acknowledge privacy concerns

4 Who are these people? About 1.5m have a single reference from INET(6)NUM objects these may be tech contacts or could be customers with assigned address space Half a million have same name/phone, probably duplicates

5 Creation There has been a steady creation rate for about 15 years

6 addresses There are about 100k unique addresses in various notification attributes These may also be a mix of personal and corporate data

7 Is there a problem? From the analysis I’ve done so far it is not possible to identify how much of this personal data can be justified Maybe 90% is justified, or perhaps only 20% With general EU privacy laws and GDPR in particular, does this give (someone?) a legal problem? Who is accountable for this personal data being in the database? If the justification for this data being in the database is questioned, who will take the responsibility for answering that question?

8 What is a contact? Original Database design intended PERSON objects to be mainly referenced from ROLE objects, all other objects to reference the ROLE objects This wasn't enforced by the software Historically most users ignored ROLE objects in favour of PERSON objects MNTNER objects cannot be created without a PERSON object No where is it documented that PERSON objects should contain business data

9 What is a contact? "abuse-c" was specifically designed to enforce the use of ROLE objects ROLE objects no longer need to reference PERSON objects Why can't most contacts be roles? Should the software (finally) enforce that? What information is needed from a contact? Can we justify storing personal data for a contact if no personal data is needed?

10 Distribution How are these 2m PERSON objects linked to organisations?
No apologies for the dryness of these numbers They need to be seen as they are quite surprising

11 Organisations with 100k+ PERSON objects
3 Telekom companies totaling 856k Top organisation has 613k PERSON objects 5 x what next 2 organisations have 10 x what most other Telekom organisations have Why?

12 Organisations with 5k to 50k PERSON objects
After the top 3 there is a drop to around 50k 43 organisations totalling 704k PERSON objects

13 Who are these organisations?
Summarising the organisations with 5k+: 46 organisations 35 telekom 7 service providers 4 others Totalling 1.56m PERSON objects 110 organisations between 1k and 5k, totalling 230k PERSON objects Everyone else totalling 233k PERSON objects

14 What next? We still don't know if these people are contacts
We still don't know if these PERSON objects contain personal or business data Contact details not changed in 20 years (address, fax-no?)

15

Download ppt "PERSON objects in the RIPE Database"

Similar presentations

Update about the “SHOULDs Analysing Project” in RIPE Policy Documents “Should” we use the RFC 2119 Defined Language in RIPE Policy Documents? Jan Žorž,

Update about the “SHOULDs Analysing Project” in RIPE Policy Documents “Should” we use the RFC 2119 Defined Language in RIPE Policy Documents? Jan Žorž,
Program Management Portal: Overview for the Client

Program Management Portal: Overview for the Client
Supply Chain ID & Participant ID Royal Mail Mailmark®

Supply Chain ID & Participant ID Royal Mail Mailmark®
© and The Internet Copyright Law applies to materials found on the internet to the same extent it applies to materials in traditional formats.

© and The Internet Copyright Law applies to materials found on the internet to the same extent it applies to materials in traditional formats.
Social Media Networking Sites Charlotte Jenkins Designing the Social Web 06-10-2011.

Social Media Networking Sites Charlotte Jenkins Designing the Social Web
This is the first page of the log in, this is were you enter your unique email details.

This is the first page of the log in, this is were you enter your unique details.
“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.

“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.
Data Protection Act. Lesson Objectives To understand the data protection act.

Data Protection Act. Lesson Objectives To understand the data protection act.
HIPAA Privacy & Security EVMS Health Services 2004 Training.

HIPAA Privacy & Security EVMS Health Services 2004 Training.
Unit 12 Additional Evidence Nihal. 1.1 I can describe what types of information are needed. Business card Business cards are important because they show.

Unit 12 Additional Evidence Nihal. 1.1 I can describe what types of information are needed. Business card Business cards are important because they show.
Florida Information Protection Act of 2014 (FIPA).

Florida Information Protection Act of 2014 (FIPA).
18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.

18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.
Client/User Analysis Website Design. 2 Questions to be answered: What is the purpose of the site? What is the purpose of the site? Who is the site for?

Client/User Analysis Website Design. 2 Questions to be answered: What is the purpose of the site? What is the purpose of the site? Who is the site for?
Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.

Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.
Instant Messaging Goes to Work Barb Page Masters in Business Communications Final Project May 2003.

Instant Messaging Goes to Work Barb Page Masters in Business Communications Final Project May 2003.
Guideline 1 Recordkeeping Capacity Checklist Brisbane August 2012.

Guideline 1 Recordkeeping Capacity Checklist Brisbane August 2012.
© 2006 University of Kansas An LSID resolver for specimens and a digression into issues raised by the use of GUIDs Steve Perry

© 2006 University of Kansas An LSID resolver for specimens and a digression into issues raised by the use of GUIDs Steve Perry
PestPac Software. Multi Unit & Portal Training The Multi Unit module allows users the flexibility to handle larger properties, such as Apartment Complexes.

PestPac Software. Multi Unit & Portal Training The Multi Unit module allows users the flexibility to handle larger properties, such as Apartment Complexes.
Registration Services Feedback Andrea Cima RIPE NCC RIPE 67 - Athens.

Registration Services Feedback Andrea Cima RIPE NCC RIPE 67 - Athens.
APNIC abuse procedures Network abuse BOF. Types of abuse reported Spam Hacking Viruses Identity/credit card fraud Threats and stalking.

APNIC abuse procedures Network abuse BOF. Types of abuse reported Spam Hacking Viruses Identity/credit card fraud Threats and stalking.

Similar presentations

Ads by Google