Re: Can you confirm if you want the sensitive data exception for timeouts

Gregg wrote:

> If you need an exception — it MUST be in the SC.

+1

JF

On Mon, May 8, 2017 at 1:18 PM, Greg Lowney <gcl-0039@access-research.org>
wrote:

> Gregg, that is correct: I was suggesting we not have any exception for
> sensitive data, but make that explicit in the supporting documents.
>
> (Note, however, that my other two recommendations for wording changes
> still stand: that we harmonize the "submitted" wording in first and last
> clauses, and that the first address " length of time or inactivity".)
>
>     Greg
>
> -------- Original Message --------
> Subject: Re: Can you confirm if you want the sensitive data exception for
> timeouts
> From: Gregg C Vanderheiden <greggvan@umd.edu> <greggvan@umd.edu>
> To: Greg Lowney <gcl-0039@access-research.org>
> <gcl-0039@access-research.org>
> Cc: "lisa.seeman" <lisa.seeman@zoho.com> <lisa.seeman@zoho.com>, "w3c-waI-gl@w3.
> org" <w3c-waI-gl@w3.org> <w3c-wai-gl@w3.org> <w3c-wai-gl@w3.org>
> Date: 5/7/2017 7:52 PM
>
> Just for clarity…
>
> If you need an exception — it MUST be in the SC.
>
> The UNDERSTANDING document can only explain what the SC says and why it
> says it.  You cannot add an exception in the understanding doc — or say
> that you don’t intent it to apply to some cases.      If it isnt an
> exception then it passes or fails.  There are no other options
>
>
> I THINK Greg is suggesting that there SHOULD be no exception.  And that is
> fine.   But then if A or B cannot be done for a site as outlined by Greg —
> then it will fail.
>
>
> *g*
>
> Gregg C Vanderheiden
> greggvan@umd.edu
>
>
>
>
> On May 5, 2017, at 2:25 AM, Greg Lowney <gcl-0039@access-research.org>
> wrote:
>
> I brought up the case because I felt we should make an explicit decision
> about it, but my preference is to not include an exception in the SC, and
> instead to add wording to the Understanding document explaining the
> rationale as you stated it: if any data cannot be saved, whether to
> security or other reasons, they need to either warn about the timeout ahead
> of time or make the timeout period extremely long.
>
> Speaking of which, the Understanding document should also explain why we
> don't offer the alternative approach of prompting the user at the end of
> the timeout period with an option to extend.
>
>     Greg
>
> -------- Original Message --------
> Subject: Can you confirm if you want the sensitive data exception for
> timeouts
> From: lisa.seeman <lisa.seeman@zoho.com> <lisa.seeman@zoho.com>
> To: W3c-Wai-Gl-Request@W3. Org <w3c-wai-gl@w3.org> <w3c-wai-gl@w3.org>
> Date: 5/4/2017 7:57 PM
>
> Hi Folks
>
> on yesterdays call people asked to we'll add the sensitive data exception
> so that we do not  force people to keep sensitive data
>
> However we don't force them to keep the data, it's just that if they don't
> they need to provide a warning about any timeout period.
>
> People need to know how long they have to fill out the form. I do not
> think that goes away just becuse the data is sensitive.
>
>
> Unfortunately the Que was closed and I could not comment, so I am not sure
> how to proceed here
>
> Do we want  the sensitive data exception?
>
> Also can anyone suggest wording for sensitive data that will not create a
> huge loophole for everything?
>
> what I have so far is :
> sensitive information - information that can put users at risk
>
>
> issue on github is : https://github.com/w3c/wcag21/issues/14
>
> All the best
>
> Lisa Seeman
>
> LinkedIn <http://il.linkedin.com/in/lisaseeman/>, Twitter
> <https://twitter.com/SeemanLisa>
>
>
>
>
>
>


-- 
John Foliot
Principal Accessibility Strategist
Deque Systems Inc.
john.foliot@deque.com

Advancing the mission of digital accessibility and inclusion