Automate your privacy policy
Barrie Sosinsky
Most responsible web sites have some type of privacy policy statement. We are, however, being bombarded with more and more online transactions that ask for personal information, and it has become impossible for users to keep up with all the places they leave their information. The P3P standard, first proposed in 1997, is an Internet standard endorsed by Netscape, Microsoft, and others. It automates the disclosure and evaluation of privacy information by encoding universal options for what can be done with users' personal data into machine-readable Extensible Markup Language (XML). Rather than relying on written-out privacy statements, the Webmaster defines XML policy files that encode the options for the site, or for individual pages.
Web designers do not have to create or edit the XML files by hand. Vendors such as IBM and PrivacyBot.com have tools that generate policy files automatically, based on questions the Webmaster answers.
The first thing you must do is to create a written privacy policy for your organization after meeting with management and deciding what policy is appropriate for your site. Some sites have more than one P3P policy, depending upon the data collection techniques and purposes. Users should be able to reference the written policy to see what overall policies are in place, and specify certain ones for the type of information they are willing to provide. If your Website has different parts that require different policies, be certain that you tailor the policies for each page. You may produce a blanket policy for most information and then add or delete other parts as necessary. Users should be able to tell at a glance how their information will be used.
To assist you, there are three good policy-generator software applications available to create and publish your company's P3P policy (or policies, if need be). Currently available are IBM P3P Policy Editor, PrivacyBot.com, and YOUpowered's Smart Privacy Publisher. These are updated frequently to reflect up-to-date specifications.
When establishing policy, be sure you include the four principal areas: Entity (who you are); Disclosure (where your written policy is located on the Website); Assurances (what third party ensures that you are complying with your pledges); and Data Collection Purposes (what data elements you are collecting and how you will use them). For more detailed information on this topic, see www.w3.org/P3P/details.html.
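The following added example (not part of the original tip, and not output from any of the tools named above) shows a constructed P3P policy for a hypothetical site, example.com, and a small check that reports which of the four areas a policy leaves out. Element and attribute names follow the W3C P3P 1.0 specification; the mapping of each area to an element is this example's reading of that specification.

```python
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}  # P3P 1.0 XML namespace

# Constructed sample policy; every name and URL in it is a placeholder.
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="general" discuri="http://www.example.com/privacy.html">
  <ENTITY><DATA-GROUP>
    <DATA ref="#business.name">Example Corp</DATA>
  </DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP>
   <DISPUTES resolution-type="independent"
             service="http://www.example.org/seal"
             short-description="Constructed third-party seal program"/>
  </DISPUTES-GROUP>
  <STATEMENT>
   <PURPOSE><admin/><develop/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

def _has_purpose_and_data(stmt):
    """A STATEMENT must say both why data is collected and which data."""
    purpose = stmt.find("p3p:PURPOSE", NS)
    return (purpose is not None and len(purpose) > 0
            and stmt.find("p3p:DATA-GROUP/p3p:DATA", NS) is not None)

def missing_areas(policy_xml):
    """Return {policy name: [areas absent]} for every POLICY element."""
    root = ET.fromstring(policy_xml)
    report = {}
    for pol in root.iter("{%s}POLICY" % NS["p3p"]):
        gaps = []
        if pol.find("p3p:ENTITY/p3p:DATA-GROUP/p3p:DATA", NS) is None:
            gaps.append("Entity")                    # who you are
        if not pol.get("discuri"):
            gaps.append("Disclosure")                # URL of written policy
        if pol.find("p3p:DISPUTES-GROUP/p3p:DISPUTES", NS) is None:
            gaps.append("Assurances")                # third-party oversight
        stmts = pol.findall("p3p:STATEMENT", NS)
        if not stmts or not all(_has_purpose_and_data(s) for s in stmts):
            gaps.append("Data Collection Purposes")  # what data and why
        report[pol.get("name", "(unnamed)")] = gaps
    return report
```

Run the check on every policy file a generator produces before publishing it, since a site with several policies can end up with one that omits an area the written policy promises.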
Barrie Sosinsky (barries@killerapps.com) is president of consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
Related Book
Net Privacy: A Guide to Developing & Implementing an Ironclad ebusiness Privacy Plan
Author : Michael Erbschloe and John Vacca
Publisher : McGraw-Hill
Published : Mar 2001
Summary:
Net Privacy shows you how to design and implement a corporate privacy program that safeguards valuable customer and company data while protecting your ability to use that data to compete successfully. Encompassing both the business and technology sides of the privacy issue.