This is an attempt to clarify the confidentiality requirements by separating concerns.
the second bullet in the list is about using reasonable effort. It's not specifically the different levels of confidentiality, nor about any particular action that must be taken. It's only about defining the standard of care that is applicable to maintaining confidentiality.
The third bullet is specifically about "must not disclose".
But the phrasing of the second bullet could be read as if there was some particular task or activity ("effort") to be performed when dealing with different levels, suggesting that maybe changing levels was OK, as long as you do it the right way (maybe by redacting something).
This rephrasing clarifies that "reasonable effort" is a general requirement about confidentiality, and that disclosing beyond the proper level is not appropriate.
The Revising W3C Process CG just discussed Clarify confidentiality management, and agreed to the following:
RESOLVED: Merge PR 835 to clarify confidentiality management
The full IRC log of that discussion
<fantasai> Subtopic: Clarify confidentiality management
<fantasai> github: Clarify confidentiality management
<fantasai> github: https://github.com/w3c/w3process/pull/835
<fantasai> florian: Josh made a PR to try to clarify confidentiality management, but most people found the PR even more confusing
<fantasai> ... after discussion in the last telecon, got a better idea of what he was trying to fix
<fantasai> ... this is an attempt to solve that confusion
<cwilso> +1
<fantasai> joshco: Agree this is better
<fantasai> ... previously [missed]
<fantasai> ... but now it says "whatever the confidentiality level is, you're supposed to respect it"
<fantasai> ... which is good
<TallTed> wfm
<fantasai> plh: Objections to merge?
<fantasai> RESOLVED: Merge PR 835 to clarify confidentiality management
This is an attempt to clarify the confidentiality requirements by separating concerns.
But the phrasing of the second bullet could be read as if there was some particular task or activity ("effort") to be performed when dealing with different levels, suggesting that maybe changing levels was OK, as long as you do it the right way (maybe by redacting something).
This rephrasing clarifies that "reasonable effort" is a general requirement about confidentiality, and that disclosing beyond the proper level is not appropriate.
This PR is meant as a possible alternative to https://github.com/w3c/w3process/pull/722
Preview | Diff