Hi Amy & All, I went back and re-read 3.13.2 and I’m good with the language in that paragraph. I support the deletion of the 24/7 monitoring language from 3.13.1 and the language in 3.13.2 as it is currently written. Thanks, Sara sara bockey policy manager | GoDaddy™ sbockey@godaddy.com 480-366-3616 skype: sbockey This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments. From: <gdd-gnso-ppsai-impl-bounces@icann.org> on behalf of Amy Bivins <amy.bivins@icann.org> Reply-To: "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> Date: Tuesday, September 5, 2017 at 11:27 AM To: "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> Subject: [Gdd-gnso-ppsai-impl] Materials, action items from today's Privacy/Proxy IRT call Hi, All, Thanks for your attendance and participation on today’s Privacy/Proxy IRT call. If you were unable to attend, I encourage you to review the recording and materials posted on the wiki, https://community.icann.org/display/IRT/5+September+2017 Please provide any additional input you have on the topics discussed today (summary provided below) no later than next Monday, 11 September. Also, please identify any additional PPAA sections that you would like to discuss. We are nearing the end of the PPAA issues list. Once we complete this, if no further topics are raised, we will move on to other unresolved items in preparation for proceeding to public comment. Summary of today’s topics, questions and action items (updated issues list, with complete IRT input, attached): 1. 24/7 monitoring of abuse contact (See PPAA draft Section 3.13.1) * IRT member proposal: Remove requirement that abuse contact be monitored 24/7, as this was not in the Final Report * Background: this provision was modeled on the RAA; Section 3.13.2, provides that “Well-founded reports of Illegal Activity submitted to Provider’s designated Abuse contact must be reviewed within 24 hours by an individual who is empowered by Provider to take necessary and appropriate actions in response to the report, including reports of Abuse submitted by Persons and their representatives pursuant to the Intellectual Property Disclosure Framework Specification.” * IRT input received: Multiple IRT members supported deletion of the 24/7 monitoring requirement from Section 3.13.1. Some IRT members initially asked what the requirement would be instead, but upon consulting Section 3.13.2, said that this would be adequate so long as Section 3.13.2 does not change. * IRT action items: Please review sections 3.13.1 and 3.13.2 and provide any further input to the list. If no additional (or no contrary) input is received, the 24/7 monitoring requirement will be deleted from Section 3.13.1 in the next PPAA draft. 2. De-accreditation process proposal (attached) * Staff provided overview of this process proposal, which was modeled on registrar process, with modifications to accommodate Final Recommendations surrounding Customer notice and other factors. * Initial IRT feedback indicated that requiring terminating providers to notify customers may not be effective, as providers engaged in bad acts or that are out of business may not comply. * Alternative suggestions: i. Have ICANN access data escrow deposits for the purposes of identifying impacted customers (potential data protection issues here); ii. Have registrars attempt to notify customers with any information the registrar has available (issues surrounding unavailability of data); iii. Underlying issue—doing our best to notify customers vs absolute certainty that customers will be notified (may not be possible) * Additional IRT input is requested on all aspects of this proposal, particularly the issues raised on today’s call, surrounding customer notices (and possible ICANN access to escrow data for that purpose). 1. Next steps on data retention * Staff provided summary of IRT input to date and proposed course of action—keep requirements in PPAA draft as-is, pending completion of community’s work on GDPR issues, to avoid over-stepping or conflicts. Update PPAA requirements with anything new from GDPR work if GDPR work is completed prior to end of this IRT, or allow for amendments to PPAA immediately upon completion of GDPR work to account for results of community process. * IRT feedback: PPAA should ultimately incorporate results of GDPR work (apparent consensus here) i. Could language be added to PPAA in the meantime to allow for retention for longest period permitted under applicable law? ii. Could waivers previously granted to registrars under RAA be extended to PPs in same jurisdictions without need for new waiver applications? (1 IRT member was cautious about this approach) As always, if you would like to raise any other issues or feedback, please feel free to send to the list at anytime. I’ll send an agenda and relevant materials for next week’s meeting to the list by the end of this week. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org>