RFC 1355 (rfc1355) - Page 2 of 4
Privacy and Accuracy Issues in Network Information Center Databases
Alternative Format: Original Text Document
RFC 1355 Privacy and Accuracy in NIC Databases August 1992
database has towards those about whom data appears in the database.
These obligations apply to database entries that contain information
that is publically accessible to Internet users.
2. Background and Organization
In fulfilling the functions of a Network Information Center, each NIC
needs to collect and distribute a variety of information about the
network it serves. Much of the information handled by a NIC is
"directory" information that provides pointers to people,
organizations, and resources throughout a network. The use of
publically accessible databases to disseminate such data is seen as
beneficial to the Internet because it allows efficient information
retrieval by users, Network Operation Centers (NOCs), and other NICs.
This document is organized into two parts. The first part contains
recommendations for preventing unauthorized disclosure of information
in NIC databases. The second part recommends formal accuracy
guidelines for NIC databases.
3. NIC Database Privacy
The existence of publically accessible databases brings up a number
of significant questions regarding controls over the gathering and
distribution of the data. It is important that these concerns are
addressed prior to the wide-scale deployment of a public NIC database
or a NIC risks having to retrofit an established system to formal
guidelines regarding such controls when they are finally available.
For each publically accessible database that a NIC manages, the NIC
needs to provide a clear statement of the purpose of the database,
the types of information it contains, and the privacy policy that
applies to the information stored within it. In general, this policy
should inform people or organizations listed in the database of the
content and purpose of their database entries. Specifically, the
privacy policy should:
1) Describe why the NIC needs the information and how it will use
the information.
2) List of all the information being stored in an entry.
3) Detail which information will be made available outside of the
NIC, to whom it will be made available, and for what purpose.
4) Provide for notification of any person or organization added
to the database at the request of a third party.
Curran & Marine