Clarify confidentiality requirements #835
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is an attempt to clarify the confidentiality requirements by
separating concerns.
* the second bullet in the list is about using reasonable effort. It's
not specifically the different levels of confidentiality, nor about any
particular action that must be taken. It's only about defining the
standard of care that is applicable to maintaining confidentiality.
* The third bullet is specifically about "must not disclose".
But the phrasing of the second bullet could be read as if there was some
particular task or activity ("effort") to be performed when dealing with
different levels, suggesting that maybe changing levels was OK, as long
as you do it the right way (maybe by redacting something).
This rephrasing clarifies that "reasonable effort" is a general
requirement about confidentiality, and that disclosing beyond the proper
level is not appropriate.
|
looks good to me |
TallTed
approved these changes
Mar 27, 2024
|
The Revising W3C Process CG just discussed
The full IRC log of that discussion<fantasai> Subtopic: Clarify confidentiality management<fantasai> github: Clarify confidentiality management <fantasai> github: https://github.com//pull/835 <fantasai> florian: Josh made a PR to try to clarify confidentiality management, but most people found the PR even more confusing <fantasai> ... after discussion in the last telecon, got a better idea of what he was trying to fix <fantasai> ... this is an attempt to solve that confusion <cwilso> +1 <fantasai> joshco: Agree this is better <fantasai> ... previously [missed] <fantasai> ... but now it says "whatever the confidentiality level is, you're supposed to respect it" <fantasai> ... which is good <TallTed> wfm <fantasai> plh: Objections to merge? <fantasai> RESOLVED: Merge PR 835 to clarify confidentiality management |
css-meeting-bot
removed
the
Agenda+
frivoal
added
the
Closed: Accepted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an attempt to clarify the confidentiality requirements by separating concerns.
But the phrasing of the second bullet could be read as if there was some particular task or activity ("effort") to be performed when dealing with different levels, suggesting that maybe changing levels was OK, as long as you do it the right way (maybe by redacting something).
This rephrasing clarifies that "reasonable effort" is a general requirement about confidentiality, and that disclosing beyond the proper level is not appropriate.
This PR is meant as a possible alternative to #722
Preview | Diff