Message: 5
Date: Wed, 20 Oct 2010 11:25:35 +0200
From: Sergey Myasoedov <sergey@devnull.ru>
To: ncc-services-wg@ripe.net
Subject: [ncc-services-wg] personal data in the NCC

Hello,

I would like to talk about personal data protection. After the audit proc=
ess, NCC demands
that we send them, together with the contract, the ID of person who signs=
 the End User
assignment contract (even if the contract is signed by a person on behalf=
 of company).

It seems strange: the CEO of company that wants IP resources signs the co=
ntract, probably
stamps it and suddenly (!) RIPE NCC asks for the ID of CEO. We (LIR) have=
 no choice on such
operations - we should request ID or RIPE NCC will not assign resources f=
or our customers.

Even more, RIPE NCC requires scans of ID, and this action violates local =
laws in some
countries (for example, CZ or RU). In Russia, personal data can be proces=
sed only after a
special agreement (except some cases mentioned in the law), but we will s=
end the ID images
without any special agreements to the NCC.

I tried to find some statements on data protection in the RIPE NCC or on =
any guarantee of
confidentiality, but no such information found in the standard service ag=
reement or any
policy documents.

On these grounds, I would like to initiate a change. RIPE NCC should have=
 data protection
procedures or RIPE NCC should not request personal IDs of third parties.


--
Sergey




End of ncc-services-wg Digest