Re: ISSUE-235 (Auditability requirement for security)

From: Walter van Holst <walter.van.holst@xs4all.nl>
Date: Wed, 22 Oct 2014 11:38:30 +0200
Message-ID: <72c39dc53b9005340c2e7da03fc54d74.squirrel@webmail.xs4all.nl>
To: "Justin Brookman" <jbrookman@cdt.org>
Cc: "Amy Colando" <acolando@microsoft.com>, "public-tracking@w3.org" <public-tracking@w3.org>

On Tue, October 21, 2014 23:22, Justin Brookman wrote:
> No one spoke up for maintaining this language either on the list or on
> last week’s call; if anyone wants to make a pitch for maintaining this
> or other auditability language, please do so; otherwise, we’ll adopt
> Jack’s proposal to remove the sentence.

Catching up with the WG.

And yes, I feel that it strongly contributes to the compliance
standard's credibility if any access and use of data retained under
permitted uses is auditable. I would be fine with restricting its
auditability to data protection and/or consumer rights regulators or
similar governmental entities.

If you commit to limiting your use of certain personal data for
certain circumscribed purposes, you create a burden of proof for
yourself that you have indeed done so. Audit requirements can only be
helpful in that regard.


Received on Wednesday, 22 October 2014 09:39:19 UTC
