W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > April to June 2017

RE: Can you confirm if you want the sensitive data exception for timeouts

From: Michael Pluke <Mike.Pluke@castle-consult.com>
Date: Sun, 7 May 2017 22:50:24 +0000
To: David MacDonald <david100@sympatico.ca>, Greg Lowney <gcl-0039@access-research.org>
CC: lisa.seeman <lisa.seeman@zoho.com>, "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Message-ID: <bbc98e6ab937420f94bbb85020308774@E15MADAG-D05N03.sh11.lan>
I agree

Mike

From: David MacDonald [mailto:david100@sympatico.ca]
Sent: 05 May 2017 12:49
To: Greg Lowney <gcl-0039@access-research.org>
Cc: lisa.seeman <lisa.seeman@zoho.com>; W3c-Wai-Gl-Request@W3. Org <w3c-wai-gl@w3.org>
Subject: Re: Can you confirm if you want the sensitive data exception for timeouts

> However we don't force them to keep the data, it's just that if they don't they need to provide a warning about any timeout period.

Yes, I agree Lisa. I was struggling with the idea of a sensitive information exception, because I think almost  *anything* the user fills out (Name, Address, age etc...) would fit in that category and would undermine the SC. So I think it can stand as is for this draft...

> Understanding document should also explain why we don't offer the alternative approach of prompting the user at the end of the timeout period with an option to extend.

Yes, I agree. Also, once we establish this new SC, we'll probably need to do a bit of back and forth with 2.2.1 so people are not confused.  Perhaps the clarification would be in both understanding docs or even a bit of adjustment to the language of either/both SCs (without decreasing WCAG 2 requirements).  2.2.1 requires time to be extended up to 10 times the default. The usual way that is implemented is a warning at the end of the first cycle "Do you want more time?" So authors may be confused about saying how much time the user has.... is it the default time out, or is it the extended time out required under 2.2.1.  which could be confusing (i.e., if the author announces the extended time at the front, is that extended time now considered the default time, and will the user expect to be able to extend THAT, 10 x.


Cheers,
David MacDonald



CanAdapt Solutions Inc.

Tel:  613.235.4902

LinkedIn
<http://www.linkedin.com/in/davidmacdonald100>

twitter.com/davidmacd<http://twitter.com/davidmacd>

GitHub<https://github.com/DavidMacDonald>

www.Can-Adapt.com<http://www.can-adapt.com/>



  Adapting the web to all users
            Including those with disabilities

If you are not the intended recipient, please review our privacy policy<http://www.davidmacd.com/disclaimer.html>

On Fri, May 5, 2017 at 2:25 AM, Greg Lowney <gcl-0039@access-research.org<mailto:gcl-0039@access-research.org>> wrote:
I brought up the case because I felt we should make an explicit decision about it, but my preference is to not include an exception in the SC, and instead to add wording to the Understanding document explaining the rationale as you stated it: if any data cannot be saved, whether to security or other reasons, they need to either warn about the timeout ahead of time or make the timeout period extremely long.

Speaking of which, the Understanding document should also explain why we don't offer the alternative approach of prompting the user at the end of the timeout period with an option to extend.

    Greg

-------- Original Message --------
Subject: Can you confirm if you want the sensitive data exception for timeouts
From: lisa.seeman <lisa.seeman@zoho.com><mailto:lisa.seeman@zoho.com>
To: W3c-Wai-Gl-Request@W3. Org <w3c-wai-gl@w3.org><mailto:w3c-wai-gl@w3.org>
Date: 5/4/2017 7:57 PM
Hi Folks

on yesterdays call people asked to we'll add the sensitive data exception so that we do not  force people to keep sensitive data

However we don't force them to keep the data, it's just that if they don't they need to provide a warning about any timeout period.

People need to know how long they have to fill out the form. I do not think that goes away just becuse the data is sensitive.


Unfortunately the Que was closed and I could not comment, so I am not sure how to proceed here

Do we want  the sensitive data exception?

Also can anyone suggest wording for sensitive data that will not create a huge loophole for everything?

what I have so far is :
sensitive information - information that can put users at risk


issue on github is : https://github.com/w3c/wcag21/issues/14

All the best

Lisa Seeman

LinkedIn<http://il.linkedin.com/in/lisaseeman/>, Twitter<https://twitter.com/SeemanLisa>



________________________________
Received on Sunday, 7 May 2017 22:50:59 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 21:08:13 UTC