- From: Justin Brookman <jbrookman@cdt.org>
- Date: Wed, 29 Oct 2014 15:01:19 -0400
- To: Walter van Holst <walter.van.holst@xs4all.nl>
- Cc: Tracking Protection Working Group <public-tracking@w3.org>
For those who don’t feel like visiting the wiki, Walter has proposed to retain the auditability requirement, and to clarify with the following language: In this context auditable is typically understood that there are sufficient records available of access and use of data retained that a third-party auditor would have a reasonable level of confidence that the data retained is exclusively used for the permitted uses or that breaches of this can be detected ex-post. A good yardstick of the level of confidence would be a similar level of confidence required for the organisation's financial records. </walter> I don’t have any great insight into the manner in which companies typically document their access and use of tracking databases, but I’d welcome opinions on whether this would represent a marginal burden to companies. On Oct 29, 2014, at 7:59 AM, Walter van Holst <walter.van.holst@xs4all.nl> wrote: > On 2014-10-22 17:40, Justin Brookman wrote: > >> I do not have a general notion of what an auditor would consider to be >> auditable, so why don’t you propose specific text (doesn’t have to be >> in the next 20 minutes!) for the group to consider. > > I have put a proposal underneath Vincent's in the wiki: > > https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Remove_auditable_security_requirement > > Sadly, I'm very unlikely to be able to attend today's call. Feedback by mail, either on- or off-list would be much appreciated. > > Regards, > > Walter
Received on Wednesday, 29 October 2014 19:01:46 UTC