Data Privacy: Difference between revisions
No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
* [[California Consumer Privacy Act]] (CCPA) - California state privacy statute that includes online privacy protection. | * [[California Consumer Privacy Act]] (CCPA) - California state privacy statute that includes online privacy protection. | ||
==ICANN PDPs== | ==ICANN Policy and PDPs== | ||
* [[Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (EPDP)]] is concerned with enabling the provision of registration data while maintaining compliance with data protection laws. | * The ICANN Board approved the [[Temporary Specification for gTLD Registration Data]] in response to conflicts between its existing registration policies and the GDPR.<ref>[https://www.icann.org/resources/pages/gtld-registration-data-specs-en ICANN.org - Temporary Specification for gTLD Registration Data], effective as of May 27, 2018</ref> The specification was intended to be supplanted within a year by consensus policy developed through an [[Expedited Policy Development Process]] (see next bullet). Under these terms, the Temporary Specification expired in May 2019.<ref name="interim">[https://www.icann.org/resources/pages/interim-registration-data-policy-en ICANN.org - Interim Registration Data Policy], May 17, 2019</ref> | ||
* The [[Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (EPDP)]] is concerned with enabling the provision of registration data while maintaining compliance with data protection laws. The EPDP was broken into three phases (Phase 1, Phase 2, and Phase 2A). While all of the phases have resulted in final reports to the board, the implementation of policy resulting from the EPDP is ongoing as of December 2021. | |||
* As part of Phase 1 of the EPDP, the [[Interim Registration Data Policy]] was approved by the board in May 2019.<ref name="interim blog">[https://www.icann.org/en/announcements/details/icann-gtld-registries-and-registrars-required-to-implement-new-interim-registration-data-policy-by-20-may-2019-17-5-2019-en ICANN.org - gTLD Registries and Registrars Required to Implement New Interim Registration Data Policy], May 17, 2019</ref> The interim policy requires registries and registrars to comply with the Temporary Specification until the Data Registration Policy recommended by EPDP Phase 1 is implemented.<ref name="interim" /> It was recommended by the EPDP Phase 1 team that the Data Registration Policy be rolled out by February 2020.<ref name="interimblog" /> | |||
==Privacy Automation== | ==Privacy Automation== | ||
Revision as of 22:21, 23 November 2021
Data privacy concerns the handling of sensitive information, and consumer rights to privacy of their personal information.
Legislation & Regulation[edit | edit source]
- General Data Protection Regulation (GDPR) - EU regulation, applicable to all member nations and anyone with a nexus with the European Economic Area.
- The Health Insurance Portability and Accountability Act (HIPAA) - U.S. federal law governing the privacy and security of personal health information.
- The Children's Online Privacy Protection Act (COPPA) - U.S. federal law governing the privacy of children and minors online.
- California Consumer Privacy Act (CCPA) - California state privacy statute that includes online privacy protection.
ICANN Policy and PDPs[edit | edit source]
- The ICANN Board approved the Temporary Specification for gTLD Registration Data in response to conflicts between its existing registration policies and the GDPR.[1] The specification was intended to be supplanted within a year by consensus policy developed through an Expedited Policy Development Process (see next bullet). Under these terms, the Temporary Specification expired in May 2019.[2]
- The Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (EPDP) is concerned with enabling the provision of registration data while maintaining compliance with data protection laws. The EPDP was broken into three phases (Phase 1, Phase 2, and Phase 2A). While all of the phases have resulted in final reports to the board, the implementation of policy resulting from the EPDP is ongoing as of December 2021.
- As part of Phase 1 of the EPDP, the Interim Registration Data Policy was approved by the board in May 2019.[3] The interim policy requires registries and registrars to comply with the Temporary Specification until the Data Registration Policy recommended by EPDP Phase 1 is implemented.[2] It was recommended by the EPDP Phase 1 team that the Data Registration Policy be rolled out by February 2020.[4]
Privacy Automation[edit | edit source]
Organizations & Groups[edit | edit source]
Global[edit | edit source]
- Digital Privacy Alliance
- Electronic Frontier Foundation
- Electronic Privacy Information Center
- Identity Theft Resource Center
- International Association of Privacy Professionals
- Privacy International
- Privacy Rights Clearing House
- World Privacy Forum
Regional[edit | edit source]
Overlaps with Cybersecurity[edit | edit source]
Data security is a central theme of privacy regulations. In addition to codifying an expectation of privacy, most regulations set minimum standards for the treatment, uses, and protection of personal information. Many regulations also specify how companies and organizations should deal with data breaches. Personal information, particularly personally identifying information or financial information is a prime target of cyber criminals.
References[edit | edit source]
- ↑ ICANN.org - Temporary Specification for gTLD Registration Data, effective as of May 27, 2018
- ↑ 2.0 2.1 ICANN.org - Interim Registration Data Policy, May 17, 2019
- ↑ ICANN.org - gTLD Registries and Registrars Required to Implement New Interim Registration Data Policy, May 17, 2019
- ↑ Cite error: Invalid
<ref>tag; no text was provided for refs namedinterimblog