Privacy and Accuracy Issues in Network Information Center Databases
RFC 1355

Document Type RFC - Informational (August 1992; No errata)
Also known as FYI 15
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 1355 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                         J. Curran
Request for Comments: 1355                                         NNSC
FYI: 15                                                       A. Marine
                                                                    SRI
                                                            August 1992

       Privacy and Accuracy Issues in Network Information Center
                               Databases

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard.  Distribution of this memo is
   unlimited.

Abstract

   This document provides a set of guidelines for the administration and
   operation of public Network Information Center (NIC) databases.  The
   purpose is to formalize procedures for the responsible handling of
   the personal and organizational information maintained by NICs in
   publically accessible databases, and to improve the accuracy and
   accessibility of such data where appropriate.

Acknowledgments

   This document is based upon the work of the Network Information
   Services Infrastructure (NISI) working group in the User Services
   Area of the IETF.  Thanks are due to the members of this working
   group who contributed ideas and comments, especially to Glee Cady
   (University of Michigan) for her significant contributions.  Special
   thanks are also extended to Steve Crocker (TIS) for his guidance in
   this area.  Due to the natural overlap between NIC databases and
   public user directories, this document also references concepts
   contained in the North American Directory Forum's (NADF) "User Bill
   of Rights for Entries and Listings in the Public Directory" (RFC
   1295).

1. Purpose

   The purpose of this document is to consider the privacy and accuracy
   issues that result from many NIC databases being publicly accessible.
   This document considers only generic concerns about such systems; it
   intentionally does not make recommendations for specific databases on
   the Internet.  Clearly, it is the responsibility of each NIC to
   determine what procedures should apply for each of its databases.
   The document discusses the obligations a NIC that maintains such a

Curran & Marine                                                 [Page 1]
RFC 1355         Privacy and Accuracy in NIC Databases       August 1992

   database has towards those about whom data appears in the database.
   These obligations apply to database entries that contain information
   that is publically accessible to Internet users.

2. Background and Organization

   In fulfilling the functions of a Network Information Center, each NIC
   needs to collect and distribute a variety of information about the
   network it serves.  Much of the information handled by a NIC is
   "directory" information that provides pointers to people,
   organizations, and resources throughout a network.  The use of
   publically accessible databases to disseminate such data is seen as
   beneficial to the Internet because it allows efficient information
   retrieval by users, Network Operation Centers (NOCs), and other NICs.

   This document is organized into two parts.  The first part contains
   recommendations for preventing unauthorized disclosure of information
   in NIC databases.  The second part recommends formal accuracy
   guidelines for NIC databases.

3. NIC Database Privacy

   The existence of publically accessible databases brings up a number
   of significant questions regarding controls over the gathering and
   distribution of the data.  It is important that these concerns are
   addressed prior to the wide-scale deployment of a public NIC database
   or a NIC risks having to retrofit an established system to formal
   guidelines regarding such controls when they are finally available.

   For each publically accessible database that a NIC manages, the NIC
   needs to provide a clear statement of the purpose of the database,
   the types of information it contains, and the privacy policy that
   applies to the information stored within it.  In general, this policy
   should inform people or organizations listed in the database of the
   content and purpose of their database entries.  Specifically, the
   privacy policy should:

      1) Describe why the NIC needs the information and how it will use
         the information.

      2) List of all the information being stored in an entry.

      3) Detail which information will be made available outside of the
         NIC, to whom it will be made available, and for what purpose.

      4) Provide for notification of any person or organization added
         to the database at the request of a third party.

Curran & Marine                                                 [Page 2]
RFC 1355         Privacy and Accuracy in NIC Databases       August 1992

      5) Explain how to have the information changed or updated.
Show full document text