Re: ISSUE-235 (Auditability requirement for security) from David Singer on 2014-11-05 (public-tracking@w3.org from November 2014)

From: David Singer <singer@apple.com>
Date: Wed, 5 Nov 2014 16:15:26 +0000
To: Justin Brookman <jbrookman@cdt.org>
Cc: Walter van Holst <walter.van.holst@xs4all.nl>, Tracking Protection Working Group <public-tracking@w3.org>
Message-Id: <0C419434-2DAC-4F10-A0CF-3D398D53877F@apple.com>

On Oct 29, 2014, at 19:01 , Justin Brookman <jbrookman@cdt.org> wrote:

> For those who don’t feel like visiting the wiki, Walter has proposed to retain the auditability requirement, and to clarify with the following language:
> 
> In this context auditable is typically understood that there are sufficient records available of access and use of data retained that a third-party auditor would have a reasonable level of confidence that the data retained is exclusively used for the permitted uses or that  breaches of this can be detected ex-post. A good yardstick of the level of confidence would be a similar level of confidence required for the organisation's financial records. 
> 
> </walter>
> 
> I don’t have any great insight into the manner in which companies typically document their access and use of tracking databases, but I’d welcome opinions on whether this would represent a marginal burden to companies.


There is something a little odd about adding a retention requirement to a specification which, on the face of it, is trying to minimize the amount of data retained.

Audit-ability could as easily be process rather than data based, couldn’t it?  An auditor could check what processes and procedures are defined, and that they are followed in practice.

> 
> On Oct 29, 2014, at 7:59 AM, Walter van Holst <walter.van.holst@xs4all.nl> wrote:
> 
>> On 2014-10-22 17:40, Justin Brookman wrote:
>> 
>>> I do not have a general notion of what an auditor would consider to be
>>> auditable, so why don’t you propose specific text (doesn’t have to be
>>> in the next 20 minutes!) for the group to consider.
>> 
>> I have put a proposal underneath Vincent's in the wiki:
>> 
>> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Remove_auditable_security_requirement
>> 
>> Sadly, I'm very unlikely to be able to attend today's call. Feedback by mail, either on- or off-list would be much appreciated.
>> 
>> Regards,
>> 
>> Walter
> 
> 
> 

David Singer
Manager, Software Standards, Apple Inc.

Received on Wednesday, 5 November 2014 16:16:11 UTC