RE: ISSUE-235 (Auditability requirement for security)

Justin and Walter,

I continue to believe this is unneeded as an element of the TCS.  Regulators already have the tools needed to inspect companies they believe to be in violation of their privacy promises to users.  The proposed language creates uncertainty for companies that anything they purge with the goal of data minimization in mind would now be subject to retention requirements for "auditability".  This is a slippery slope with considerable complexity.  I believe we have enough working group members opposed to the addition of this language that I would recommend we move to a CfO quickly so we can remove this topic from discussion.

- Shane

-----Original Message-----
From: Justin Brookman [mailto:jbrookman@cdt.org] 
Sent: Wednesday, October 29, 2014 12:01 PM
To: Walter van Holst
Cc: Tracking Protection Working Group
Subject: Re: ISSUE-235 (Auditability requirement for security)

For those who don't feel like visiting the wiki, Walter has proposed to retain the auditability requirement, and to clarify with the following language:

In this context auditable is typically understood that there are sufficient records available of access and use of data retained that a third-party auditor would have a reasonable level of confidence that the data retained is exclusively used for the permitted uses or that breaches of this can be detected ex-post. A good yardstick of the level of confidence would be a similar level of confidence required for the organisation's financial records.

</walter>

I don't have any great insight into the manner in which companies typically document their access and use of tracking databases, but I'd welcome opinions on whether this would represent a marginal burden to companies.

On Oct 29, 2014, at 7:59 AM, Walter van Holst <walter.van.holst@xs4all.nl> wrote:

> On 2014-10-22 17:40, Justin Brookman wrote:
> 
>> I do not have a general notion of what an auditor would consider to 
>> be auditable, so why don't you propose specific text (doesn't have to 
>> be in the next 20 minutes!) for the group to consider.
> 
> I have put a proposal underneath Vincent's in the wiki:
> 
> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Remove_auditable_security_requirement
> 
> Sadly, I'm very unlikely to be able to attend today's call. Feedback by mail, either on- or off-list would be much appreciated.
> 
> Regards,
> 
> Walter

Received on Wednesday, 29 October 2014 20:00:59 UTC