RE: ISSUE-235 (Auditability requirement for security)

On 2014-10-29 20:59, Shane M Wiley wrote:
> Justin and Walter,
> 
> I continue to believe this is unneeded as an element of the TCS.
> Regulators already have the tools needed to inspect companies they
> believe to be in violation of their privacy promises to users.  The
> proposed language creates uncertainty for companies that anything they
> purge with the goal of data minimization in mind would now be subject
> to retention requirements for "auditability".  This is a slippery
> slope with considerable complexity.  I believe we have enough working
> group members opposed to the addition of this language that I would
> recommend we move to a CfO quickly so we can remove this topic from
> discussion.

Shane,

The mere expression of a belief is in itself not a substantive argument. 
I would be more than happy to add language saying that none of this 
should result in retention of tracking data that otherwise would not be 
retained. So if that is your worry, that can be addressed.

Regards,

  Walter

Received on Monday, 3 November 2014 13:39:30 UTC