Are you talking about at the start of the Note section for https://www.w3.org/TR/WCAG21/#timeouts?
If so, we won't be able to make that change as it is in the WCAG 2.1 spec, but perhaps you can suggest something for the related understanding document (https://www.w3.org/WAI/WCAG21/Understanding/timeouts.html)?
Yes, that was the area I was referencing.
I would be happy to make a recommendation regarding this for the understanding document.
@thaddeus-cambron any suggestions on this for the understanding document?
"Privacy regulations and compliance standards, for example, PCI or HIPAA, may require ..."
I think it needs turning around if it's part of the understanding doc, it shouldn't repeat the SC text.
How about:
Examples of privacy regulations or compliance standards that may require consent and authentication before saving data are PCI (Payment Card Industry) and HIPAA (Health Insurance Portability and Accountability Act of 1996).
(In PR #501)
I am not sure of the best wording, to be honest with you. For example, CVV cannot be saved at all - even with consent. That is why it is removed from a form if another field is in error. The goal was to add the word "compliance" in addition to "privacy". I trust your judgement on the exact verbiage.
Ok, I'll try this then:
Examples of privacy regulations mentioned in the success criteria note, and related compliance standards, are PCI (Payment Card Industry) and HIPAA (Health Insurance Portability and Accountability Act of 1996).
Without it being mentioned in the SC text it is somewhat tenuous, but hopefully people get the idea.
@alastc I don't see any of the text from your last comment in the Understanding document. Do you still want to add it or shall I close this?
If you are going to include @alastc's proposed wording, note that it should say "success criterion" (singular) rather than "success criteria" (plural).
Success Criterion 2.2.6: Timeouts
Recommendation is to add the word "compliance" to read "Compliance and privacy regulations ...". As an example, the Payment Card Industry Data Security Standard includes security standards related to the storage, use and controls associated with credit card information.