With regard to your first point:

The Information Privacy Act 2000 is Victorian legislation regarding the
protection of personal information across the Victorian public sector. auDA
is not a Victorian public sector agency, therefore we are not required to
comply with this Act.

The relevant legislation is in fact the Privacy Act 1988 as amended last
year by the Privacy Amendment (Private Sector) Act 2000. Schedule 3 of the
Act lists 10 National Privacy Principles (NPPs), including the one you quote
in your email, "An organisation must take reasonable steps to protect the
personal information it holds from misuse and loss from unauthorised access,
modification or disclosure". (The Victorian IPPs are based on the NPPs).

The NPPs do not come into effect until 21 December 2001. auDA has initiated
discussions with the Office of the Privacy Commissioner to ensure that we
will meet our obligations under the Act when the time comes.

Regards

Jo Lim
Chief Policy Officer
.au Domain Administration
ph 03 9226 9495
fax 03 9226 9499
mob 0410 553 233

-----Original Message-----
From: Peter Ostenberg [mailto:peterost§start.com.au]
Sent: Sunday, 19 August 2001 5:07 PM
To: dns§auda.org.au
Subject: Fw: [DNS] ING charging $250 non-refundable for .BIZ and .INFO


Chris Disspain, CEO, auDA,


In light of recent list discussions in relation to information held on
the AUNIC database hosted for auDA by the commercial entity
NetRegistry Pty Ltd, may I refer to the following reference:

INFORMATION PRIVACY ACT 2000
"PART 11A--INFORMATION PRIVACY ACT 2000 SCHEDULE 1
THE INFORMATION PRIVACY PRINCIPLES
4. Principle 4--Data Security
4.1 An organisation must take reasonable steps to protect the personal
information it holds from misuse and loss and from unauthorised
access, modification or disclosure.

Clarification is required by community members and sought from you as
CEO of auDA with respect to the following:

1. Kindly advise the specific reasonable steps auDA have taken to
comply with the Information Privacy Act 2000 in protecting data held
on the AUIC database from misuse, loss, or unauthorised access.

2. In their capacity as host is it possible that NetRegistry have
access to bulk current consumer details residing on the AUNIC data
base over and above that which is publically available via interfaces
such as whois and aunicstatus ?

3. As registrant and registrar of au.com was any possible conflict of
interest investigated prior to acceptance by auDA of the AUNIC hosting
tender put forward by the commercial entity NetRegistry Pty Ltd?

Furthermore, regarding your investigation following Josh Rowe's
correspondence dated 16th August 2001, has such an investigation
reached completion? and is there a time frame as to when publication
of the resultant outcome may be expected? Did NetRegistry obtain AUNIC
data in an improper manner and use it for advertising purposes
including, but not limited to, unsolicited emails? In fairness to
NetRegistry and all .au registrants one would expect this issue to be
clarified and documented by auDA as soon as practicable.

A point of reference:
"Key Objectives of auDA Interim Board Version 1.1"
Preamble of the au Domain Administration
Taking the view that the Internet Domain Name System is a public
asset, and that the .au ccTLD is under the sovereign control of the
Commonwealth of Australia, auDA will administer the .au ccTLD for the
benefit of the Australian community.


Cheers,

Peter Ostenberg





__________________________________________________________________
Get your free Australian email account at http://www.start.com.au

--
This article is not to be reproduced or quoted beyond this forum without
express permission of the author. 353 subscribers.
Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns)
Email "unsubscribe" to dns-request§auda.org.au to be removed.