Return to list of success criteria

2.2.6 Timeouts [Level AAA]

Description

Users are warned of the duration of any user inactivity that could cause data loss, unless the data is preserved for more than 20 hours when the user does not take any actions.

Note

Privacy regulations may require explicit user consent before user identification has been authenticated and before user data is preserved. In cases where the user is a minor, explicit consent may not be solicited in most jurisdictions, countries or regions. Consultation with privacy professionals and legal counsel is advised when considering data preservation as an approach to satisfy this success criterion.

Back to top

Sufficent Techniques

Advisory Techniques

Back to top

Failures

Back to top

Notes

Back to top