RFC relevance of document

As per Relevance of the word document, we have this rfc below:

Network Working Group J.
Request for Comments: 1355
FYI: 15 A.

August 1992

Privacy and Accuracy Issues in Network Information

Status of This

This memo provides information for the Internet community. It
not specify an Internet standard. Distribution of this memo
unlimited

This document provides a set of guidelines for the administration
operation of public Network Information Center (NIC) databases.
purpose is to formalize procedures for the responsible handling
the personal and organizational information maintained by NICs
publically accessible databases, and to improve the accuracy
accessibility of such data where appropriate

This document is based upon the work of the Network
Services Infrastructure (NISI) working group in the User
Area of the IETF. Thanks are due to the members of this
group who contributed ideas and comments, especially to Glee
(University of Michigan) for her significant contributions.
thanks are also extended to Steve Crocker (TIS) for his guidance
this area. Due to the natural overlap between NIC databases
public user directories, this document also references
contained in the North American Directory Forum's (NADF) "User
of Rights for Entries and Listings in the Public Directory" (
1295).

1.

The purpose of this document is to consider the privacy and
issues that result from many NIC databases being publicly accessible
This document considers only generic concerns about such systems;
intentionally does not make recommendations for specific databases
the Internet. Clearly, it is the responsibility of each NIC
determine what procedures should apply for each of its databases
The document discusses the obligations a NIC that maintains such

Curran & Marine [Page 1]

RFC 1355 Privacy and Accuracy in NIC Databases August 1992

database has towards those about whom data appears in the database
These obligations apply to database entries that contain
that is publically accessible to Internet users

2. Background and

In fulfilling the functions of a Network Information Center, each
needs to collect and distribute a variety of information about
network it serves. Much of the information handled by a NIC
"directory" information that provides pointers to people
organizations, and resources throughout a network. The use
publically accessible databases to disseminate such data is seen
beneficial to the Internet because it allows efficient
retrieval by users, Network Operation Centers (NOCs), and other NICs

This document is organized into two parts. The first part
recommendations for preventing unauthorized disclosure of
in NIC databases. The second part recommends formal
guidelines for NIC databases

3. NIC Database

The existence of publically accessible databases brings up a
of significant questions regarding controls over the gathering
distribution of the data. It is important that these concerns
addressed prior to the wide-scale deployment of a public NIC
or a NIC risks having to retrofit an established system to
guidelines regarding such controls when they are finally available

For each publically accessible database that a NIC manages, the
needs to provide a clear statement of the purpose of the database
the types of information it contains, and the privacy policy
applies to the information stored within it. In general, this
should inform people or organizations listed in the database of
content and purpose of their database entries. Specifically,
privacy policy should

1) Describe why the NIC needs the information and how it will
the information

2) List of all the information being stored in an entry

3) Detail which information will be made available outside of
NIC, to whom it will be made available, and for what purpose

4) Provide for notification of any person or organization
to the database at the request of a third party

Curran & Marine [Page 2]

RFC 1355 Privacy and Accuracy in NIC Databases August 1992

5) Explain how to have the information changed or updated

6) Explain how to get information removed from the database
including any references to one's information in another'
database entry

7) Explain the consequences of removing information from
database and of failing to provide all or part of
information a NIC requests

The privacy policy enables people to make informed
regarding which information to supply for a given NIC database.
information supplied should treated in a manner consistent with
current privacy policy. If a NIC makes a database available in
entirety to another organization, the NIC should also provide
organization with a copy of the current privacy policy for
database

4. NIC Database

The value of any NIC database is dependent on the accuracy
timeliness of its contents. Any database not being maintained
can create major difficulties for those using it and for those
and organizations listed

For each publically accessible database that a NIC operates, the
should have a clear statement that describes the process that the
uses to maintain accuracy in the database. This statement could
combined with the privacy statement described above for sake
administrative convenience

The accuracy statement informs potential participants in the
of the precautions taken by the NIC to ensure accurate information
Any information supplied should be treated in a manner
with the current accuracy policy. If a NIC makes a
available in its entirety to another organization, the NIC
also provide that organization with a copy of the current
policy for the database

The accuracy statement should

1) Allow an individual or organization access to its
database entry, including private fields, for the
of correcting errors

2) Allow an individual or organization to correct any
that occur in its database entry

Curran & Marine [Page 3]

RFC 1355 Privacy and Accuracy in NIC Databases August 1992

3) Inform an individual or organization when information
them appears in an entry belonging to another party,
that the individual or organization can review
information and have the opportunity to submit corrections

4) Change information in an entry only at the request of
with the approval of the individual or
about which the entry applies

5) Encourage an individual or organization to report any
that occur in the database entries of others

6) Provide for a "date of last review" for each entry in
database; this would reflect the date that the entry
last checked by the owner for accuracy

7) Describe any and all practices used by the NIC to
data prior to inclusion in the database

8) State the data backup procedures in use for this database

5. Security

This memo briefly considers the security aspects of information
NIC databases. This memo should revisited as security
becomes more developed in the Internet

6. Authors'

John
NSF Network Service Center (NNSC
10 Moulton
Cambridge, MA 02138

Phone: (617) 873-3400
EMail: jcurran@nnsc.nsf.

April N.
SRI
Network Information Systems
333 Ravenswood Avenue, EJ294
Menlo Park, CA 94025-3493

Phone: (415) 859-5318
EMail: april@nisc.sri.

Curran & Marine [Page 4]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX