.org Registry Agreement: Appendix H

23 October 2002

Public Interest Registry Equal Access and Nondiscriminatory Practice

I. Equal Access and Nondiscriminatory Practice

Public Interest Registry ("PIR") shall provide registrars with the opportunity to register domain names in the .org TLD pursuant to the terms and conditions of a Registry-Registrar Agreement ("RRA") to be executed between PIR and any such registrars accredited by ICANN to act as a registrar for domain names within the domain of the .org TLD (hereinafter referred to as "ICANN-Accredited Registrars"). PIR shall provide all ICANN-Accredited Registrars with equivalent access to the EPP Registry-Registrar Protocol. PIR will also make a certification to ICANN at the end of the six month period immediately following the Effective Date of the Registry Agreement and at the end of each subsequent six month period for the Term of the Registry Agreement, using the objective criteria set forth in the PIR Equivalent Access Certification below, that PIR, in its capacity as Registry Operator, and on behalf of its subcontractors, each is providing all ICANN-Accredited Registrars with such equivalent access.

PIR will ensure, in a form and through ways described in the PIR Equivalent Access Certification below, that the revenues and assets of the Registry Operator are not utilized to advantage PIR, its affiliates, any contractor to PIR, or any owner of any such contractor to the detriment of other ICANN-Accredited Registrars.

All capitalized terms not otherwise defined herein shall have the meaning ascribed to them in the Registry Agreement.

II. PIR Equal Access and Nondiscriminatory Practice

PIR will comply, and will ensure that its contractors comply, with the following policies relating to Equal Access and Nondiscrimination Practice Plan (the "Plan").

1. Section A - Equivalent Access Policy

It is the goal of this policy to ensure that:

1.1 All ICANN-Accredited Registrars have the ability to connect to the System using the same protocols and with the same limitations and security measures.

1.2 All ICANN-Accredited Registrars have the same access to customer support, administrative and business services.

1.3 All ICANN-Accredited Registrars have the same access to the tools required to access their data through the System including billing, account management and other similar services.

1.4 With the exception of systems designed to enforce PIR's or ICANN's terms of service, contract or policy, the System does not include any features or systems designed to perform prejudicially or favorably towards any specific ICANN-Accredited Registrar[s].

2. Section B - Organizational Conflict of Interest Compliance Plan for PIR

PIR has created the following processes and policy in order to achieve the goals outlined above.

2.1 Organization Structure

Public Interest Registry is incorporated under the Pennsylvania Non Profit Corporation Laws in the United States of America on a non-stock basis.

2.2 PIR Financial Separation

PIR will ensure that separate financial statements for PIR's operational unit providing Registry Services are prepared using United States GAAP accounting standards. Financial statements for that unit will account for its own costs, revenues, cash flow, etc. as a separate entity, using distinct systems and accounting functions. Reasonable and independently auditable internal accounting controls will be in place to ensure the adequacy of these systems and functions. The accounting and operational procedures will be established in such a fashion that no detailed customer account information relating to any ICANN-Accredited Registrar will be available to any other ICANN-Accredited Registrar.

2.3 Different Locations/Office Premises

PIR will conduct its business and technical operations from different premises than any ICANN-Accredited Registrar.

2.4 Physical Barriers

At PIR facilities, only assigned personnel employed or contracted by PIR will have regular access to the premises and any other person will be treated as a visitor to the facility and will gain access only when accompanied by authorized PIR personnel.

2.5 Registry Access

PIR will provide access to all Registry customers through the mechanisms described in above.

3. Section C - Information Control

PIR, has in place various procedural safeguards to ensure that data and information of the registry business are not utilized to advantage one ICANN-Accredited Registrar over another. The Access to Data Policy is attached as Exhibit A.

3.1 Staff Training

All PIR Personnel and other employees who have a need to know PIR business will undergo a formal Organizational Conflict of Interest ("OCI") Training Program, providing the staff members with a clear understanding of this Plan with special attention paid to the Equivalent Access Policy and the staff members' responsibility under the plan. Formal OCI training will be required before any potential staff member is given an assignment or access to PIR material. Formal OCI refresher training will be given on an annual basis.

3.2 Treatment of Information

Upon completion of the training program, all PIR Personnel and other employees who have a need to know PIR business will be required to sign a non-disclosure agreement (Exhibit B) and a PIR Business OCI Avoidance Certification (Exhibit C) acknowledging, among other things, his/her understanding of the OCI requirements, and certifying that he/she will strictly comply with the provisions of the OCI Plan. The signed agreements will be maintained in the program files and the individual's personnel file. Each staff member acknowledges verification of the annual refresher training required by this Plan.
PIR will, in all cases, endeavor to ensure that PIR and its employees do not release any information to any ICANN-Accredited Registrar, or their respective employees that could be used by the ICANN-Accredited Registrar to the detriment of any other ICANN-Accredited Registrar regardless of the official stated sensitivity of the information. Under no circumstances will Registry Sensitive Information be approved by PIR for release to any other ICANN-Accredited Registrar.

Exhibit A
Access to Data Policy

1. Purpose: To establish policies (i) for the protection of Proprietary Information developed by and/or in the possession of PIR, and (ii) for the protection of Registry Sensitive Information to ensure that the revenue and assets of PIR are not unfairly utilized to advantage any ICANN-Accredited Registrar to the detriment of any other ICANN-Accredited Registrar.

2. Scope: This policy is applicable to all officers, directors, members, owners, employees, agents, consultants, and subcontractors of PIR.

3. Definitions:

3.1 Proprietary Information. Financial, personnel, technical, or business information owned or possessed by PIR which has not been authorized for public release. Such information is frequently referred to as "Proprietary Information," "Confidential Information" or "Privileged Information."

3.2 Registry Sensitive Information. Any information, including Proprietary Information or other financial, personnel, technical, or business information owned or possessed by PIR relating to its business which could be utilized to advantage ICANN-Accredited Registrar to the detriment of other competing ICANN-Accredited Registrars. Examples of Registry Sensitive Information are contained in Attachment 1 hereto.

3.3 Computer Software. Computer programs and computer databases.

3.4 Computer Software Documentation. Technical data, including computer listing and printouts, in human-readable form which (i) document the design or details of computer software, (ii) explain the capabilities of the software, or (iii) provide instructions for using the software to obtain desired results from a computer.

4. Procedures for Protection of Proprietary Information:

4.1 Responsibility. Managers are responsible for identifying Registry Sensitive Information developed, produced or possessed by PIR and for instructing employees reporting to them regarding the proper handling and safeguarding of such information. Each PIR employee will exercise reasonable care to protect Registry Sensitive Information from unauthorized or inadvertent disclosure.

4.2 Disclosure. It is recognized that there are occasions where it is necessary to disclose Proprietary Information to outsiders. Such disclosure should not be made without the prior written approval of an authorized Corporate officer of PIR. Advice from Corporate counsel should be obtained on all questions relating to the identification or releasing of Proprietary Information or Registry Sensitive Information.

4.3 Marking of Documents. Documents containing Proprietary Information or Registry Sensitive Information will be marked with one of the markings described below at the time the document[s] is produced. Computer tapes and other recorded material should be identified by proper labeling which is visible to the ordinary person while the material is being stored. In addition, all such material should have a warning notice at the beginning of the material to ensure the user is forewarned about the proprietary or sensitive nature of its contents (as soon as access is afforded to a computer tape or at the beginning of a sound recording, etc.).

4.3.1 Internal Documents. On internal documents (reports, memoranda, drawings, etc.) the applicable following legend shall be put at the top or bottom of the first page or, in the case of drawings, in the space provided for such legends. The "need to know" principle shall be the guideline when divulging Proprietary Information or Sensitive Information internally.

Public Interest Registry Proprietary Information The information on this document is proprietary to PIR. It may not be used, reproduced or disclosed without the written approval of PIR.

Public Interest Registry Registry Sensitive Information The information on this document is proprietary to PIR. It may not be used, reproduced or disclosed without the written approval of PIR.

4.3.2 Documents for External Distribution.

A. Reports and Similar Documents

The following legend shall be typed or stamped on the cover and/or title page of reports or on the face of other documentation provided to others:

Public Interest Registry Proprietary Information This document is the property of PIR. It may be used by recipient only for the purpose for which it was transmitted and shall be returned upon request or when no longer needed by recipient. It may not be copied or communicated without the prior written consent of PIR.

B. Letters

On letters to third parties or outsiders which will contain Proprietary Information, the following statement or equivalent shall appear in the text:

Public Interest Registry Proprietary Information Information contained herein is PIR Proprietary Information and is made available to you because of your interest in our company (or program, etc.). This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties.

C. Proposals to Commercial Companies

1. A restrictive legend such as the following shall be placed on the title page of each volume of the proposal:

PIR's proposal, which follows, contains information and data that are privileged and/or confidential to PIR. This information and data are not made available for public review and are submitted to XYZ COMPANY NAME only for purposes of review and evaluation in connection with this proposal. No other use of the information and data contained herein is permitted without the express written permission of PIR. Information and data contained herein is protected by the Uniform Trade Secrets Act, as codified, and any improper use, distribution, or reproduction is specifically prohibited. No license of any kind whatsoever is granted to any third party to use the information and data contained herein unless a written agreement exists between PIR and the third party which desires access to the information and data. Under no condition should the information and data contained herein be provided in any manner whatsoever to any third party without the prior written permission of PIR.

2. Each page of the proposal which contains Proprietary Information shall be marked as follows:

Use or disclosure of proposal information is subject to the restriction on the title page of this proposal.

D. Proprietary Information Released Pursuant to Contract

When Proprietary Information is exchanged between PIR and another company, a Confidentiality Agreement or Non-Disclosure Agreement shall be executed by the parties concerned.

1. The parties will designate in writing one or more individuals within their own organization as the only person(s) authorized to receive Proprietary Information exchanged between the parties pursuant to this Agreement (see Attachment 2 for sample agreement.).

2. All information which the disclosing party claims as proprietary shall be received in writing, clearly identified as proprietary, and delivered personally or by mail addressed to individuals designated above to receive the Proprietary Information.

5. Safekeeping

When not in use, Proprietary Information or Registry Sensitive Information will be stored in a locked desk, cabinet or file. Such material will not be left unattended during the workday and should be turned face down in the presence of visitors or employees who have no need to know.

6. Destruction

Burning, shredding or comparable methods will be used for the destruction of Proprietary Information or Registry Sensitive Information.

7. Terminating Employees

Terminating employees will be reminded of their responsibilities and obligations in protecting Proprietary Information. All employees will execute a non-disclosure agreement specifying that they may not retain or otherwise use such information after termination. Any deviation from this policy must be approved in writing by PIR counsel and PIR.

8. Third-Party Proprietary Information

Proprietary Information received from other companies through contractual or pre-contractual relationships will be afforded the same level of protection given to PIR's Proprietary Information.

9. Questions

Questions concerning implementation or interpretation of this policy will be referred to the CEO or the General Counsel.

ATTACHMENT 1
Examples of Proprietary & Registry Sensitive Information

Engineering Information

Engineering information, including schematics, code, and engineering notes will be considered Proprietary Information.

Statistical Information

Some statistical information will be available for public consumption. Such information does not require any special treatment, so long as no ICANN-Accredited Registrar, receives any preferential treatment (e.g., early access to such information). Other statistics, such as numbers of registrations, transfers, etc., performed by each registrar, as well as processing times, numbers of failures or any information that is trending negative or contains negative performance factors not generally available to the public should be considered Registry Sensitive Information.

One area of statistical data that is deserving of special attention is Registry Information pertaining to the numbers of registrations, transfers, etc., performed by each registrar. All such information is Registry Sensitive Information and will be treated accordingly. Unless otherwise approved, registration activity information must be protected from disclosure to any registrar other than the registrar to which the information refers.

Financial Information

Financial data related to PIR is Registry Sensitive Information and will not be released without the express consent of the CEO of PIR. Monthly expenses and income shall be kept sensitive and restricted from disclosure to any party other than the appropriate PIR.

ATTACHMENT 2
NON-DISCLOSURE AGREEMENT
Proprietary Information

This is an Agreement, effective _______________ __, 20__ between Public Interest Registry Inc., (hereinafter referred to as "PIR") and _________________________ (hereinafter referred to as "_________________"). It is recognized that it may be necessary or desirable to exchange information between PIR and _________________ for the purpose of ____________________________ _____________________________________________. With respect to the information exchanged between the parties subsequent to this date, the parties agree as follows:

(1) "Proprietary Information" shall include, but not be limited to, performance, sales, financial, contractual and special marketing information, ideas, technical data and concepts originated by the disclosing party, not previously published or otherwise disclosed to the general public, not previously available without restriction to the receiving party or others, nor normally furnished to others without compensation, and which the disclosing party desires to protect against unrestricted disclosure or competitive use, and which is furnished pursuant to this Agreement and appropriately identified as being proprietary when furnished.

(2) In order for proprietary information disclosed by one party to the other to be protected in accordance with this Agreement, it must be: (a) in writing or in electronic form; (b) clearly identified as proprietary information at the time of its disclosure by each page thereof being marked with an appropriate legend indicating that the information is deemed proprietary by the disclosing party; and (c) delivered by letter of transmittal, hand delivery, or electronically transmitted to the individual designated in Paragraph 3 below, or his designee. Where the proprietary information has not been or cannot be reduced to written or electronic form at the time of disclosure and such disclosure is made orally and with prior assertion of proprietary rights therein, such orally disclosed proprietary information shall only be protected in accordance with this Non-Disclosure Agreement provided that complete written summaries of all proprietary aspects of any such oral disclosures shall have been delivered to the individual identified in Paragraph 3 below, within 20 calendar days of said oral disclosures. Neither party shall identify information as proprietary which is not in good faith believed to be confidential, privileged, a trade secret, or otherwise entitled to such markings or proprietary claims.

(3) In order for either party's proprietary information to be protected as described herein, it must be submitted in written or electronic form as discussed in Paragraph 2 above to:

Page Updated 24-Oct-2002
©2002  The Internet Corporation for Assigned Names and Numbers. All rights reserved.