[arin-ppml] /32 assignment identification requirement

[Jimmy Hess]

On 4/27/12, Lee Dilkie <lee at dilkie.com> wrote:

> My point was more along the lines of "this is third party information".
> It's one thing for an ISP's customer list to be compromised. At least in
> a lawsuit a customer cannot claim that the ISP had no right to store the
> data. But I worry that for ARIN the argument would come down to that,
[snip]

That would be a point on which I would expect ARIN's counsel to have
provided input, when ARIN developed whatever its internal audit
procedures and any security practices.
Most likely with a priority for ensuring all reasonable actions are
taken to prevent
compromise, so that any compromise is not a result of negligence by ARIN.

I would expect that if it were deemed an issue,  steps would be taken
to mitigate the risk.

Organizations take responsible measures to protect highly sensitive
information all the time.

Do you have experience that gives you reason to question ARIN's
security practices?

--
-JH