Colleagues I made a presentation at RIPE 77 last year about personal data in the RIPE Database. Whilst I have been thinking a lot about this since then, and some other comments have been made on different mailing lists recently, no action has yet been considered.
This is not a trivial issue to fix and there are a number of points to consider. It will most likely require some semantic changes to the RIPE Database, and possibly the internal Registry Database and member portal may need some changes, as well as some work to be done by resource holders. It may also be an appropriate moment to review the requirements for contacts and contact data in both databases. The optimal solution is to manage the changes necessary to be compliant with privacy laws and practices with the least technical changes and work required by resource holders within a reasonable time frame. I see two approaches to doing this, a lightweight and a heavyweight option. The lightweight option is for myself, working with a couple of members who are interested in finding solutions for this issue, to look at all the concerns, raise points with the community for clarification and work towards a policy proposal on personal data in the RIPE Database. The heavyweight option is to set up a task force to look at the whole issue surrounding contacts and personal data, consider possible solutions and report back to the community at a future RIPE Meeting. My personal preference is for the lightweight option. Whilst it is an issue suitable for a Task Force to consider, history shows that Task Forces often take years to reach conclusions and workable solutions. The previous Data Protection Task Force met for 3 years and the recent Accountability Task Force has been meeting for over 2 years, whilst BCOP has been in operation for more than 5 years. I feel this issue needs a solution implementing this year. I would like to hear opinions from the community on which way to go.... cheersdenisco-chair DB-WG
