diff --git a/index.html b/index.html
index 11bc90458..e357e6025 100644
--- a/index.html
+++ b/index.html
@@ -5424,7 +5424,11 @@ <h3>The Principle of Data Minimization</h3>
         <p>
 Implementers of software used by [=holders=] are urged to disclose what
 information is being requested by a [=verifier=], such that a [=holder=] can
-push back on the over-collection of information that is unnecessary for the
+decline to share specific requested information that is unnecessary for the
+transaction. Additionally, logs of information shared with [=verifiers=] are
+strongly encouraged to be available to [=holders=] such that the information
+might be shared with authorities if a [=holder=] believes that they are a
+victim of overreach or coercion to share more than necessary for a particular
 transaction.
         </p>
 
@@ -5764,6 +5768,23 @@ <h3>Usage Patterns</h3>
         </p>
       </section>
 
+      <section class="informative">
+        <h3>Legal Processes</h3>
+
+        <p>
+It is possible, through legal processes, for [=issuers=], [=holders=], and/or
+[=verifiers=] to be compelled to disclose private information to authorities,
+such as law enforcement. It is also possible for the same private
+information to be accidentally disclosed to an unauthorized party through a
+software bug or security failure. Authors of legal processes and compliance
+regimes are advised to draft guidelines that notify the [=subjects=] involved
+when their private information is purposefully or accidentally disclosed to a
+third party. Providers of software services are advised to be transparent about
+known circumstances that might cause such private information to be shared with
+a third party, and about the identity of any such third party.
+        </p>
+      </section>
+
       <section class="informative">
         <h3>Sharing Information with the Wrong Party</h3>
 
@@ -5920,12 +5941,14 @@ <h3>Private Browsing</h3>
 In an ideal private browsing scenario, no PII will be revealed. Because many
 [=credentials=] include PII, organizations providing software to
 [=holders=] should warn them about the possibility of revealing this
-information if they wish to use [=credentials=] and [=presentations=]
+information if they use [=credentials=] and [=presentations=]
 while in private browsing mode. As each browser vendor handles private browsing
 differently, and some browsers might not have this feature at all, it is
-important for implementers to be aware of these differences and implement
-solutions accordingly.
+important for implementers to not depend on private browsing mode to provide
+any privacy protections. Instead, implementers are advised to depend on
+tooling that is directly usable by their software to provide privacy guarantees.
         </p>
+
       </section>
 
       <section class="informative">
