Re: [w3c/payment-request] Regulatory Compliance Support (#632)

> hasn't followed a Privacy By Design process

This is not the case: the WG did a [security and privacy assessment](https://docs.google.com/document/d/1w7ginyzNg-xZUmITK4vzcGUKB4gbMOAvlkWWaRtX14k). We just didn't link to it from the spec.

> or included appropriate risk assessments.

Maybe we should link to the google doc (or put it in the wiki)?

Please also note, the spec has received wide review, including from those who have the authority to enforce things like PCI-DSS. It's up to the Payment Handler spec(s) to note any regulatory requirements. For instance - [Basic Card](https://w3c.github.io/payment-method-basic-card/#security) notes: "Depending on jurisdiction, users of this specification (implementers, merchants, payment processors, etc.) can be subject to PCI DSS or other regulations. Discussion of those considerations are outside the scope of this document."


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/632#issuecomment-331777096

Received on Monday, 25 September 2017 04:57:03 UTC