As you no doubt have noticed, privacy and data security are hot topics these days. It’s nearly impossible to pick up a newspaper or watch TV without some reference to data breaches, cyber attacks or intrusions into personal privacy. Given this backdrop, it is no wonder that people increasingly want to know whether and to what extent their personal data is being collected, used and shared. We are writing this blog post to share with you an important update that will take effect May 25, 2018.
As the Registry Operator for the .nyc top-level domain, it is our responsibility to provide a safe and secure namespace for our registrants and users. We do so, among other ways, by adhering to international best practices for online security and safety and complying with mandates defined by The Internet Corporation for Assigned Names and Numbers (ICANN), which is the global not-for-profit partnership responsible for developing and implementing policies that keep the Internet secure, stable and interoperable.
On May 17, 2018, the Board of Directors of ICANN unanimously adopted a new guideline for all contracted Registry Operators (including the .nyc Registry) which will impact the way personal data is collected, displayed and shared for .nyc domain name registrants.
When you register a .nyc domain name, your domain name retailer collects certain information about the domain registration, including among other things, and the name, address and contact information of the registrant. As a Registry Operator, we collect this information from domain retailers, and make it publicly available online in the WHOIS database. WHOIS is an online database of information associated with registered domain names.
While there are a host of legitimate reasons for publishing registration data (including, among other things, policy compliance, intellectual property concerns, law enforcement, security research and commercial transactions) – unfortunately, the personally identifiable information of domain registrants was sometimes misused by spammers, scammers, and other bad actors intent on harvesting your personal data for nefarious purposes.
Effective as of May 25, 2018, the way people access registration data will be updated – and personally identifiable information will no longer be available on an initial WHOIS database search. Personally identifiable data will be protected from the initial search with an added layer of security. However, legitimate data requests will still be afforded the full data view upon submitting a formal request to a domain retailer, and proactively verifying that the data will be used for valid purposes.
While the .nyc Registry is dedicated to remaining open and transparent in all that we do, we are equally committed to protecting the personal privacy and data of our residents and business owners. We believe, the new ICANN protocol strikes a good balance and will both prevent .nyc registrants from being harmed by those intent on misusing their data; and afford those with a legitimate need to continue to access personally identifiable contact information as previously available.
Rest assured that under the new protocol we will continue implementing all of the policies that you have come to rely on to maintain the safety and integrity of the .nyc namespace – including the ongoing reporting of data via the Open Data Portal.
If you have any questions or concerns, please send us an email at firstname.lastname@example.org.