- From: Shane M Wiley <wileys@yahoo-inc.com>
- Date: Thu, 20 Nov 2014 16:45:07 +0000 (UTC)
- To: David Singer <singer@mac.com>, Tracking Protection Working Group <public-tracking@w3.org>
Received on Thursday, 20 November 2014 16:46:35 UTC
David - I believe many of us agree and that's why we feel this statement is worthless in the document and creates the perception its more than what you've stated below. Any technical process can be audited - its redundant to state that. - Shane Shane Wiley VP, Privacy & Data Governance Yahoo From: David Singer <singer@mac.com> To: Tracking Protection Working Group <public-tracking@w3.org> Sent: Thursday, November 20, 2014 2:54 AM Subject: Re: ISSUE-235 (Auditability requirement for security) I guess it’s out for CfO so this may be pointless, but I think it’s worth pointing out that it may be immaterial what we say about auditability. We have a clear requirement that data collected for a permitted use is only used for that use. So, imagine a company that appears it may be mis-using the data. Someone — a researcher, a member of government, a regulator, a court, whoever — asks “so, why should we believe that you adhere to the requirement?”. At some point, if life gets tough enough, they’re going to have to show to that person’s satisfaction that they follow the requirement. That is, in effect, an audit. Their need to be able to show this seems entirely independent of whether or not we have language to require auditability, doesn’t it? Dave Singer singer@mac.com
Received on Thursday, 20 November 2014 16:46:35 UTC