Hi Cynthia Having duplicate copies of personal data spread around a public database is probably not inkeeping with the principles of GDPR. Cleaning that up would be possible but not trivial. They have to be identified and may have different maintainers who would have to be contacted. Un-referenced PERSON objects (and PERSON/MNTNER pairs) are already deleted automatically after 90 days. So this 2 million+ does not include any of them. cheersdenisco-chair DB-WG From: Cynthia Revström via db-wg <db-wg@ripe.net> To: db-wg@ripe.net Sent: Thursday, 20 September 2018, 15:23 Subject: Re: [db-wg] PERSON objects in the RIPE Database Hi, I am not sure how the best way to do this but maybe check the database for person handles with identical name, address, phone number and such things. Also maybe if we could take a look at the amount of person handles that are not used at all in any other object, and potentially delete them. Kind regards, Cynthia Revström On 2018-09-20 14:57, Alexander Stranzky via db-wg wrote:
On 20/09/2018 15:04, denis walker via db-wg wrote:
Colleagues,
I will start with a blunt question, then give some arguments for my concern. In May the RIPE NCC told me there are?more than 2 million PERSON objects in the RIPE Database. That is almost 25% of the objects in the database. Who are these people and why do we hold so much personal data? Hello,
I suspect that many of these objects are old (pre-API) and/or duplicates. Before RIPE had a REST API (and I can't tell how many ISPs still use emails to create their resources) automatically fetching, linking, and updating a RIPE object was a pain (as is the current situation with APNIC) and likely involved someone to create the email personally. Hence going the easy route--making new entries every time.
Regards, Alexander Stranzky