Re: ISSUE-235 (Auditability requirement for security) from Shane M Wiley on 2014-11-03 (public-tracking@w3.org from November 2014)

From: Shane M Wiley <wileys@yahoo-inc.com>
Date: Mon, 3 Nov 2014 16:18:51 +0000 (UTC)
To: Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <1127541903.269014.1415031531582.JavaMail.yahoo@jws100131.mail.ne1.yahoo.com>

Walter,
Okay - I "know" this adds no value.  Let's please move to CfO so we can kill this once and for all.
- Shane Shane Wiley
VP, Privacy & Data Governance
Yahoo
      From: Walter van Holst <walter.van.holst@xs4all.nl>
 To: public-tracking@w3.org 
 Sent: Monday, November 3, 2014 6:39 AM
 Subject: RE: ISSUE-235 (Auditability requirement for security)
   
On 2014-10-29 20:59, Shane M Wiley wrote:
> Justin and Walter,
> 
> I continue to believe this is unneeded as an element of the TCS.
> Regulators already have the tools needed to inspect companies they
> believe to be in violation of their privacy promises to users.  The
> proposed language creates uncertainty for companies that anything they
> purge with the goal of data minimization in mind would now be subject
> to retention requirements for "auditability".  This is a slippery
> slope with considerable complexity.  I believe we have enough working
> group members opposed to the addition of this language that I would
> recommend we move to a CfO quickly so we can remove this topic from
> discussion.

Shane,

The mere expression of a belief is in itself not a substantive argument. 
I would be more than happy to add language saying that none of this 
should result in retention of tracking data that otherwise would not be 
retained. So if that is your worry, that can be addressed.



Regards,

  Walter

Received on Monday, 3 November 2014 16:20:14 UTC