W3C home > Mailing lists > Public > public-tracking@w3.org > July 2012

RE: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Sun, 29 Jul 2012 10:02:38 -0700
To: Tamir Israel <tisrael@cippic.ca>
CC: Lee Tien <tien@eff.org>, Craig Spiezle <craigs@otalliance.org>, "'Chris Mejia'" <chris.mejia@iab.net>, "'David Wainberg'" <david@networkadvertising.org>, "'Jonathan Mayer'" <jmayer@stanford.edu>, "'Dobbs, Brooks'" <Brooks.Dobbs@kbmg.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "'Nicholas Doty'" <npdoty@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8024F8F92B9D8@SP2-EX07VS02.ds.corp.yahoo.com>
Tamir,

We use unique IDs for both the impression and the individual to validate the transaction.  I believe this is where the physical world and digital world diverge a bit.  The question is if the grocery store collected a user's loyalty information to discount the price of the good received, are they responsible for saving the loyalty card info with the transaction to prove the discount was fairly and legally applied.  I believe the answer is yes but haven't asked our Finance team that exact question before.

- Shane  

-----Original Message-----
From: Tamir Israel [mailto:tisrael@cippic.ca] 
Sent: Sunday, July 29, 2012 9:58 AM
To: Shane Wiley
Cc: Lee Tien; Craig Spiezle; 'Chris Mejia'; 'David Wainberg'; 'Jonathan Mayer'; 'Dobbs, Brooks'; public-tracking@w3.org; 'Nicholas Doty'
Subject: Re: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"

On 7/29/2012 12:22 PM, Shane Wiley wrote:
> (b) if so, does the retention requirement apply to the actual ad-serving transactional records that are generated by users' interactions with 3rd-party ad networks/companies?
> (Part of what I'm asking is what data/records the companies are currently retaining because of Sarb-Ox compliance -- and also, I think, the legal standard that defines the compliance line.)
>
> [Yes - as this is considered a "receipt" of the transaction as it's the billed element.  It's like asking if a grocery store must keep a record of each item purchased or if they can simply say a customer spent X in their store.  When ads are sold by impression - each impression must be retained to prove its validity and to be the actual record of receipt.]
>
> (c) if so, must the records contain user- or device-identifying information, or is that unnecessary?
> (Again, the legal standard may be ambiguous, but it would be helpful to know what that legal standard is....
>
> [Alteration of a legal record could be considered "evidence tampering" and therefore companies tend to stay on the conservative side of this line.]

This is where you lose me. If, as Jonathan and others have suggested, it 
is possible to confirm the # of transactions without unique IDs, why 
would the SEC care if you are or are not collecting identifiers? To pick 
up your grocery store example, no one forces Walmart to force customers 
to present a drivers license as a condition of cash payments....

Best,
Tamir
Received on Sunday, 29 July 2012 17:03:09 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:53 UTC