The document discusses the General Data Protection Regulation (GDPR) and its effects on WHOIS and domain registration data. Some key points:
- The GDPR aims to protect EU citizens' personal data and applies to any company handling EU residents' data, regardless of location. Non-compliance can result in large fines.
- In response to the GDPR, ICANN has implemented an interim Temporary Specification that removes public display of registrants' personal details from WHOIS and provides third-party access only to those with a legitimate purpose.
- ICANN is working to develop a unified access model that complies with the GDPR while allowing continued access to full registration data for legitimate users, though there are open questions
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
EU General Data Protection Regulation - Update 2017Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
GDPR Compliance: What You Need to Know Before May 2018Infosec
Scheduled to come into effect May 25, 2018, the General Data Protection Regulation (GDPR) has struck fear into compliance officers around the world. Much confusion surrounds this new regulation as organizations everywhere work to understand its new requirements and adjust business processes accordingly.
In this webinar, we review:
-- Key GDPR requirements
-- Data types regulated under GDPR
-- How GDPR impacts EU and non-EU businesses
-- Steps to becoming GDPR compliant
-- Consequences of non-compliance
-- How SecurityIQ helps you meet security awareness GPDR requirements
To learn more about SecurityIQ, visit: https://securityiq.infosecinstitute.com/
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
EU General Data Protection Regulation - Update 2017Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
GDPR Compliance: What You Need to Know Before May 2018Infosec
Scheduled to come into effect May 25, 2018, the General Data Protection Regulation (GDPR) has struck fear into compliance officers around the world. Much confusion surrounds this new regulation as organizations everywhere work to understand its new requirements and adjust business processes accordingly.
In this webinar, we review:
-- Key GDPR requirements
-- Data types regulated under GDPR
-- How GDPR impacts EU and non-EU businesses
-- Steps to becoming GDPR compliant
-- Consequences of non-compliance
-- How SecurityIQ helps you meet security awareness GPDR requirements
To learn more about SecurityIQ, visit: https://securityiq.infosecinstitute.com/
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
Revising policies and procedures under the new EU GDPRIT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Turkish Data Protection Act : Is it a reflection of GDPR?TrustArc
Broadcast Date: January 15, 2020 9:00 AM - 10:00 AM EST
https://info.trustarc.com/WB-2020-01-15-TurkishDataProtectionActIsitareflectionofGDPR_RegPage-Nymity.html
In April 2016 the Republic of Turkey published an omnibus data protection act, The Law on the Protection of Personal Data w. no 6698, in the Official Gazette. One of the obligations under this law is to register all data processing operations with the supervisory authority KVKK. At the request of the Turkish business representatives, the deadline for this registration was first postponed until December 31, 2019 and with the latest decision of KVKK on 27th of December, 2019, the deadline for the registration is extended to June 30, 2020. However, it seems no further delay will be announced.
What do organizations need to do to comply with the Turkish Data Protection Act? What does the obligation to register all processing activities entail? And what are the risk of non-compliance? These questions and more will be answered in a special TrustArc -Nymity & Dentons hosted webinar on January 15, 2020.
Key takeaways:
-What are the legal requirements of the law?
-What is the regulatory/enforcement landscape?
-Demonstrating compliance with the Turkish law: taking an Accountability approach
-Using processing activities registered as the basis for the KVKK registration
-Staying up-to-date on Turkey's data protection laws
This webinar is eligible for 1 CPE credit.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Domain management and brand protection in the era of the EU's GDPRBartLieben
Overview on how the General Data Protection Regulation clashes with ICANN's obligations imposed upon registries and registrars to have a publicly accessible WHOIS
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
Strengthening current personal data protection regulation (EU 95/46), GDPR lays down rules relating to protection of natural persons with regard to processing and free movement of personal data. It applies to all entities in EU member states processing personal data by automated means and processing which form part of a filing system. Application of GDPR will be supervised in Belgium by the privacy commission.
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR• Security Metrics• Oversight of third parties• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
The EU’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. GDPR significantly increases the requirements imposed on companies touching the personal data of EU citizens, and also increases oversight by the EU member states’ data protection authorities. And the consequences of non-compliance under GDPR are massive—the greater of €20 million or four percent of the company’s worldwide turnover.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
Revising policies and procedures under the new EU GDPRIT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Turkish Data Protection Act : Is it a reflection of GDPR?TrustArc
Broadcast Date: January 15, 2020 9:00 AM - 10:00 AM EST
https://info.trustarc.com/WB-2020-01-15-TurkishDataProtectionActIsitareflectionofGDPR_RegPage-Nymity.html
In April 2016 the Republic of Turkey published an omnibus data protection act, The Law on the Protection of Personal Data w. no 6698, in the Official Gazette. One of the obligations under this law is to register all data processing operations with the supervisory authority KVKK. At the request of the Turkish business representatives, the deadline for this registration was first postponed until December 31, 2019 and with the latest decision of KVKK on 27th of December, 2019, the deadline for the registration is extended to June 30, 2020. However, it seems no further delay will be announced.
What do organizations need to do to comply with the Turkish Data Protection Act? What does the obligation to register all processing activities entail? And what are the risk of non-compliance? These questions and more will be answered in a special TrustArc -Nymity & Dentons hosted webinar on January 15, 2020.
Key takeaways:
-What are the legal requirements of the law?
-What is the regulatory/enforcement landscape?
-Demonstrating compliance with the Turkish law: taking an Accountability approach
-Using processing activities registered as the basis for the KVKK registration
-Staying up-to-date on Turkey's data protection laws
This webinar is eligible for 1 CPE credit.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Domain management and brand protection in the era of the EU's GDPRBartLieben
Overview on how the General Data Protection Regulation clashes with ICANN's obligations imposed upon registries and registrars to have a publicly accessible WHOIS
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
Strengthening current personal data protection regulation (EU 95/46), GDPR lays down rules relating to protection of natural persons with regard to processing and free movement of personal data. It applies to all entities in EU member states processing personal data by automated means and processing which form part of a filing system. Application of GDPR will be supervised in Belgium by the privacy commission.
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR• Security Metrics• Oversight of third parties• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
The EU’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. GDPR significantly increases the requirements imposed on companies touching the personal data of EU citizens, and also increases oversight by the EU member states’ data protection authorities. And the consequences of non-compliance under GDPR are massive—the greater of €20 million or four percent of the company’s worldwide turnover.
This webinar covers:
-An overview of the regulatory landscape and territorial scope
-Principles of the EU GDPR
-Breach notification rules
-Data subject rights
-Changes to consent
-Processor liabilities
-Role of the Data Protection Officer
-International transfers
-Regulators and pan-European consistency
You can watch the webinar here https://www.youtube.com/watch?v=DPeJc_zfW3M&list=PLJr1Ghqr5f2i7drhKBNgRD_M4ZIt0mxn4&index=2
apidays LIVE Paris 2021 - APIs and Privacy in the European Legal Context by M...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
APIs and Privacy in the European Legal Context : a study of 4000+ API Terms of Services
Monica Posada, Project Manager of the API Study, Senior Researcher at European Commission, Joint Research Center
Iron Mountain® Policy Center Solution Enterprise EditionInfoGoTo
Policy Center Enterprise Edition combines subscription access to Policy Center, a cloud-based retention and privacy policy management platform, with expert Advisory Services to help you comply with existing and new regulations, such as the General Data Protection Regulation (GDPR). It helps you manage privacy and retention together, so you can know your retention and privacy obligations, and show compliance.
This webinar delivers an overview of:
- The GDPR and what it means for Cloud service providers
- The technical and organisational measures applicable to Cloud service providers
- The policies and procedures required by the GDPR
- The 'privacy by design' and 'privacy by default' requirements
- The rights of data subjects
- Breach notification obligations
- The impact of subcontracting on Cloud service providers
- ISO 27018 and implementing security controls for personally identifiable information in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=8i7adBubDzw
Webinar presented live on May 11, 2017.
As data is increasingly accessed and shared across geographic boundaries, a growing web of conflicting laws and regulations dictate where data can be transferred, stored, and shared, and how it is protected. The Object Management Group® (OMG®) and the Cloud Standards Customer Council™ (CSCC™) recently completed a significant effort to analyze and document the challenges posed by data residency. Data residency issues result from the storage and movement of data and metadata across geographies and jurisdictions.
Attend this webinar to learn more about data residency:
• How it may impact users and providers of IT services (including but not limited to the cloud)
• The complex web of laws and regulations that govern this area
• The relevant aspects – and limitations -- of current standards and potential areas of improvement
• How to contribute to future work
Read the OMG's paper, Data Residency Challenges and Opportunities for Standardization: http://www.omg.org/data-residency/
Read the CSCC's edition of the paper, Data Residency Challenges: http://www.cloud-council.org/deliverables/data-residency-challenges.htm
Exchange on request, automatic exchange of financial account information and TRACE (Treaty Relief and Compliance Enhancement), spontaneous exchange of rulings, country-by-country reporting, voluntary disclosure programmes.
Session by Achim Pross, Head, International Co-operation and Tax Administration Division, OECD Centre for Tax Policy and Administration and Monica Bhatia, Head, Secretariat of the Global Forum on Transparency and Exchange of Information for Tax Purposes, Meeting of the OECD Parliamentary Group on Tax, 19 Oct 2015
Bridging the Gap Between Privacy and RetentionInfoGoTo
This slideshare explores the vital connection between privacy and retention and explores some tools and approaches that can help organizations successfully manage them in tandem.
Appointing a Data Protection Officer under the GDPRIT Governance Ltd
This webinar discusses the following:
- The specific situation in which organisations are required to appoint a DPO
- The DPO's relation to the controller, processor and senior management/the board
- The responsibilities of the DPO
- The function of data protection impact assessment under the GDPR
- The legal requirements for appointing a DPO
A recording of this webinar is available here:
https://www.youtube.com/watch?v=U06aooC-MRU
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
DV 2016: Making Sense of the Current Legal LandscapeTealium
Chris Slovak /Maltie Maraj, Tealium
In today’s digital world, with the rich streams of customer data now available come important responsibilities in data governance. From the vendors we choose to work with, to the policies and practices we have in place, today’s marketers are increasingly responsible for ensuring customer data is handled with the utmost concern for security and privacy. In this session, Chris Slovak, VP of Global Sales Solutions at Tealium, and Maltie Maraj, Lead Counsel at Tealium, will detail the current legal landscape (in marketers’ terms!), and provide guidelines for a more comprehensive approach to data governance and informed technology decisions.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
1. General Data Protection Regulation (GDPR)
Savenaca Vocea
APNIC 46, Noumea
11 September 2018
& WHOIS at ICANN
2. | 2
About the General Data Protection Regulation (GDPR)
¤ The European Union’s (EU’s) GDPR aims to protect EU citizens and residents from
privacy and data breaches (took effect 25 May 2018)
¤ “The Regulation is an essential step to strengthen citizens' fundamental rights in the
digital age and facilitate business by simplifying rules for companies in the Digital Single
Market.”
¤ Applies to all companies processing and holding the personal data of subjects residing in
the EU, regardless of the company’s location
¤ Failure to comply may result in fines up to €20 million or 4% of global annual turnover
¤ European Data Protection Authorities will interpret and enforce the regulation, and
European courts will resolve any disputes
¤ More information: http://ec.europa.eu/justice/data-protection/reform/index_en.htm
3. | 3
What is Registration Directory Services (RDS)/WHOIS
¤ Registration Directory Services (RDS) is a publicly available and distributed directory containing
information about registered domains such as icann.org
¡ Each registrar and registry operator maintains its own database of registration data and provides
access to this data via its own directory service
¤ RDS has evolved to serve the need of many different stakeholders, such as registrants, law
enforcement agents, intellectual property and trademark owners, businesses and individuals
¤ The stable operation of the Internet relies on the basic concept that you cannot run a hierarchical and
decentralized system like the Internet (a network of networks) if you cannot find the people who operate
it to warn of problems and coordinate responses to operational issues
¤ In addition, the WHOIS system helps serve the public interest as it contributes to the security and
stability of the Internet by providing contact information to support issues related to consumer
protection, investigation of cybercrime, DNS abuse and intellectual property; as well as to address
appropriate law enforcement needs.
4. | 4
ICANN: Preparing for the GDPR
¤ The GDPR affects ICANN in at least 2 areas:
1. Contracted Parties: Personal data that participants in the domain name ecosystem
collect, display, and process, including registries and registrars pursuant to ICANN
contracts
2. Internal: Personal data that ICANN collects and processes for internal or external
services
¤ Closely monitoring global data protection/privacy developments. We are also tracking
developments in other jurisdictions as ICANN understands that the landscape outside of
Europe also is undergoing change and ICANN will take this into account in the proposed
legal review.
¤ Engaging with contracted parties, the European community, data protection agencies, and
other pertinent stakeholders including law enforcement and the IP community to better
understand the relevant aspects regarding GDPR
¤ Overview of activity available at: https://www.icann.org/dataprotectionprivacy
5. | 5
ICANN: Preparing for the GDPR
¤ September 2017: Published matrix of personal data contracted parties collect, transmit, or publish, and for
what uses
¤ October 2017: Discussions at ICANN60 and various webinars
¤ November 2017: Contractual Compliance statement and call for input on models
¤ Oct.-Dec. 2017: 3-party external legal analysis by Swedish law firm Hamilton
¤ January 2018: Publication of proposed models for input
¤ March 2018: Published detailed description of Proposed Interim Compliance Model
¤ April 2018: Received guidance on model from Article 29 Working Party, continuing dialogue
¤ 17 May 2018: ICANN Board approves Temporary Specification for gTLD Registration Data
¤ 18 June 2018: ICANN shares draft Framework Elements for a Unified Access Model for Continued Access
to Full WHOIS Data for the community’s review and feedback
¤ 19 July 2018: GNSO launches Expedited Policy Development Process to consider adopting the Temporary
Specification as Consensus Policy
¤ 20 August 2018: ICANN shares Draft Framework for a Possible Unified Access Model for Continued
Access to Full WHOIS Data for community input
¤ 21 August 2018: ICANN Board reaffirms Temporary Specification
6. | 6
Developing a Possible Unified Access Model
Developing a Unified Access Model
¤ 18 June 2018: ICANN published “Framework Elements for a Unified Access Model for Continued
Access to Full WHOIS Data” for community feedback. Goal is to develop a model in line with the
GDPR to provide legal certainty for all parties
¤ 20 August 2018: ICANN published “Draft Framework for a Possible Unified Access Model for
Continued Access to Full WHOIS Data” for further community input at gdpr@icann.org.
¡ Areas of community convergence include:
• using RDAP as the technical method for providing access,
• having strong safeguards in terms of use.
¡ Areas with differing views include:
• whether authenticated users must provide a legitimate interest for each individual
authenticated query,
• logging requirements,
• whether full WHOIS data set must be returned for authenticated query,
• who must provide access (registry, registrar, or both),
• and whether there ought to be a fee for access.
7. | 7
Expedited Policy Development Process (EPDP)
¤ The ICANN Generic Names Supporting Organization has initiated an Expedited Policy Development
Process to consider whether or not to confirm the Temporary Specification as consensus policy by 25
May 2019 (the date the Temporary Specification will expire). Read more here.
¤ EPDP triggered by ICANN Board’s adoption of the Temp Spec
¤ To confirm, or not, the Temp Specs as Consensus Policy by 25 May 2019
¤ Discuss a standardized access model to nonpublic registration data
¡ Only after the “gating questions” specified in the EPDP Team’s Charter are addressed
¤ Only covers topics in the Temp Spec
8. | 8
Registration Data Access Protocol (RDAP)
¤ RDAP delivers registration data much like WHOIS, but its implementation will help standardize
registration data access and query response formats, and secure access to data. RDAP also provides
native support for Internationalized Domain Names (IDNs), and more importantly, the ability to provide
a uniform and robust platform for layered access to registration data for legitimate users.
¤ The Temporary Specification directed the creation of a gTLD-RDAP Profile(s) as a prerequisite to
launching the Registration Data Access Protocol (RDAP) service across the gTLD space.
¤ ICANN org has received a proposal from a discussion group of gTLD registries and registrars and has
published it for public comment. The comment period closes 13 October 2018.
¤ RDAP services from gTLD registries and registrars are expected to be required by the end of March
2019.
10. | 10
VS
What has not changed?
¤ Registration Data for all of the applicable
fields will continue to be collected,
transferred, and retained as before.
¤ Registrars and registry operators are
required to continue to escrow
Registration Data.
¤ Existing rules and procedures for rights
protection mechanisms and the
trademark clearinghouse remain in
place.
Changes to WHOIS since 25 May 2018
What has changed?
¤ Access to Registration Data will be
tiered/layered. Personal data will be
redacted for Registration Data
processed in the EU. Third-party with
legitimate interest may gain access to
non-public Registration Data by
contacting the relevant
registrar/registry operator.
¤ Registrars will provide an anonymized
email address or web form to contact
registrants, admin and tech contacts.
¤ All other information for tech and
admin contacts will be redacted.
11. | 11
WHOIS Before and After 25 May 2018
WHOIS record field Before 25 May Current WHOIS
Domain Name Display Display
Registry Domain ID Display Display
Registrar WHOIS
Server
Display Display
Registrar URL Display Display
Updated Date Display Display
Creation Date Display Display
Registry Expiry Data Display Display
Registrar Registration
Expiration Date
Display Display
Registrar Display Display
Registrar IANA ID Display Display
Registrar Abuse
Contact Email
Display Display
Registrar Abuse
Contact Phone
Display Display
12. | 12
WHOIS Before and After
WHOIS record field Before 25 May Current WHOIS
Reseller Display Display
Domain Status Display Display
Domain Status Display Display
Domain Status Display Display
Registry Registrant ID Display Do not display
Registrant Name Display Do not display
Registrant Organization Display Display
Registrant Street Display Do not display
Registrant City Display Do not display
Registrant
State/Province
Display Display
Registrant Postal Code Display Do not display
Registrant Country Display Display
Registrant Phone Display Do not display
Registrant Phone Ext Display Do not display
13. | 13
WHOIS Before and After
WHOIS record field Before 25 May Current WHOIS
Registrant Fax Display Display
Registrant Fax Ext Display Display
Registrant Email Display Anonymized email or web form
Registry Admin ID Display Display
Admin Name Display Display
Admin Organization Display Display
Admin Street Display Display
Admin City Display Display
Admin State/Province Display Display
Registrant Fax Display Display
Registrant Fax Ext Display Display
Registrant Email Display Display
Registry Admin ID Display Display
Admin Name Display Display
14. | 14
WHOIS Before and After
WHOIS record field Before 25 May Current WHOIS
Admin Organization Display Do not display
Admin Street Display Do not display
Admin City Display Do not display
Admin State/Province Display Do not display
Admin Postal Code Display Do not display
Admin Country Display Do not display
Admin Phone Display Do not display
Admin Phone Ext Display Do not display
Admin Fax Display Do not display
Admin Fax Ext Display Do not display
Admin Email Display Anonymized email or web form
Registry Tech ID Display Do not display
Tech Name Display Do not display
Tech Organization Display Do not display
15. | 15
WHOIS Before and After
WHOIS record field Before 25 May Current WHOIS
Tech Street Display Do not display
Tech City Display Do not display
Tech State/Province Display Do not display
Tech Postal Code Display Do not display
Tech Country Display Do not display
Tech Phone Display Do not display
Tech Phone Ext Display Do not display
Tech Fax Display Do not display
Tech Fax Ext Display Do not display
Tech Email Display Anonymized email or web form
16. | 16
WHOIS Before and After
WHOIS record field Before 25 May Current WHOIS
Name Server Display Display
Name Server Display Display
DNSSEC Display Display
DNSSEC Display Display
URL of ICANN Whois
Inaccuracy Complaint Form
Display Display
>>> Last update of WHOIS
database
Display Display
17. Visit us at icann.org
Engage with ICANN – Thank You and Questions