Privacy/TPWG/Change Proposal Remove auditable security requirement
Remove auditability requirement from security section
From "Reasonable Security" section:
Third parties SHOULD ensure that the access and use of data retained for permitted uses is auditable.
Add explanatory non-normative text
Proposal by Walter van Holst
To "Reasonable Security" section add:
For the purposes of this recommendation, auditable is understood as having sufficient records of access and use of data retained such that an independent auditor would have a reasonable level of confidence that the data retained is exclusively used for the permitted uses or that breaches of this can be detected ex-post. For example, an auditor might use a similar level of confidence to that required for the organization's financial records.