On Mar 6, 2013, at 10:02 AM, Barry Leiba wrote: >>> [Page 5] Section 5, "..access to personally identifying information..", do >>> you mean "..access to identifiable personal information" ? >> >> Looking at draft-iab-privacy-considerations, I think "personal data" might >> be best. > > Maybe. But "PII" is a term of art, and it means something different > to (and more specific than) "personal data". I'm not sure whether the > change is the right answer in the full context of the paragraph: > > Protocols that make use of 'acct' URIs are responsible for defining > security considerations related to such usage, e.g., the risks > involved in dereferencing an 'acct' URI and the authentication and > authorization methods that could be used to control access to > personally identifying information associated with a user's account > at a service. > > I suppose, as I mull it over, that changing to "personal data" > probably *is* right. But people should speak up if they think > otherwise.
Yes, I think "personal data" is what we really mean here, not personally identifiable information (such as IP addresses and mother's maiden name). Peter _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
