[arin-ppml] Revised - ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information

Owen DeLong owen at delong.com
Tue Jun 25 19:33:27 EDT 2024 

Does whois currently allow PO Box numbers without a physical address also supplied?

Owen


> On Jun 25, 2024, at 11:33, ARIN <info at arin.net> wrote:
> 
> The following Draft Policy has been revised:
> 
> * ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information
> 
> Revised text is below and can be found at:
> 
> https://www.arin.net/participate/policy/drafts/2024_2/
> 
> You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion to assess the conformance of this Draft Policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:
> 
> * Enabling Fair and Impartial Number Resource Administration
> * Technically Sound
> * Supported by the Community
> 
> 
> The PDP can be found at:
> 
> https://www.arin.net/participate/policy/pdp/ 
> 
> 
> Draft Policies and Proposals under discussion can be found at:
> 
> https://www.arin.net/participate/policy/drafts/
> 
> 
> Regards,
> 
> Eddie Diego
> Policy Analyst
> American Registry for Internet Numbers (ARIN)
> 
> 
> Draft Policy ARIN-2024-2: WHOIS Data Requirements Policy for Non-Personal Information
> 
> Problem Statement:
> 
> ARIN’s mission includes maintaining and distributing registration information about who holds Internet number resources (Internet Protocol (IP) addresses and Autonomous System Numbers (ASNs)) in a public database referred to as Whois.  Whois provides network operators, technical troubleshooters, law enforcement, researchers, and other interested parties with information about which organization administers specific Internet number resources. Distributing this non-personal information is very much in the public interest of proper functioning of the Internet.
> 
> While ARIN continues to recognize the ongoing relevancy and importance for publicly available WHOIS information in its control, ARIN must also take stock of evolving regional developments pertaining to data privacy and the cross-border sharing of personally identifying information (PII) which have led to or could lead to redactions among similar WHOIS resources outside of ARIN’s purview.
> 
> In light of such developments, it is important for ARIN to codify its WHOIS data requirements and disclosure practices in a manner that is both a) respectful of privacy rights pertaining to PII and b) cognizant of the value non-PII data plays in the security of the Internet and the protection of the general public.
> 
> Currently there are no ARIN policies that clearly define what organization and associated point of contact information must be provided and registered in the public Whois. This proposal attempts only to clarify and codify ARIN’s existing practice regarding organization and contact data collection and display in Whois.
> 
> Policy Statement:
> 
> 2.12
> 
> Modify 2.12 to read:
> 
> Information needed to uniquely identify an Organization. Differing uses within ARIN online, L/RSA, and the NRPM could have different requirements.
> 
> 3.8 Directory Service Records
> 
> Modify 3.8.1 to include the following sentence:
> 
> All organization registration records will be visible in the public Whois.
> 
> Add 3.8.2
> 
> 3.8.2 Required Organization Record Information
> 
> The following information must be provided to ARIN to register an organization record:
> 
>     *Org Name
> 
>     *Org Address
> 
>          - LINE 1: STREET ADDRESS OR POST OFFICE BOX NUMBER 
> 
>          - LINE 2: CITY OR TOWN NAME, OTHER PRINCIPAL SUBDIVISION (i.e. PROVINCE, STATE, COUNTY, ETC.) AND POSTAL CODE (IF KNOWN) (Note: in some countries, the postal code may precede the city or town name)
> 
>          - LINE 3: COUNTRY NAME
> 
> Add 3.8.3 Point of Contact Record Creation
> 
> An organization may register designated Points of Contact to manage its organization and resource registration records to include Administrative, Technical, NOC and Abuse contacts. These Points of Contact shall be representatives of the organization and any information provided to ARIN shall be that contact’s associated organizational information and not personal data.
> 
> Point of Contact registration records will generally be visible in the public Whois. Refer to NRPM 3.3 and NRPM 4.2.3.7.3.2 for exceptions to this general rule.
> 
> Add 3.8.4 Required Point of Contact Record Information.
> 
> The following information must be provided to ARIN to register an organization or resource Point of Contact:
> 
>     * Contact Name (this can be an individual representative of the company or a role account)
> 
>     * Contact’s Address
> 
>          - LINE 1: STREET ADDRESS OR POST OFFICE BOX NUMBER 
> 
>          - LINE 2: CITY OR TOWN NAME, OTHER PRINCIPAL SUBDIVISION (i.e. PROVINCE, STATE, COUNTY, ETC.) AND POSTAL CODE (IF KNOWN) (Note: in some countries, the postal code may precede the city or town name)
> 
>          - LINE 3: COUNTRY NAME
> 
>     * Contact’s Organization Phone Number
> 
>     * Contact’s Organization E-Mail Address
> 
> 
> Timetable:  Immediate
> 
> 
> 
> 
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list