|
| |
|
Privacy
| Up until Microsoft's release of their Internet Explorer 6.0, the issues surrounding information privacy had to do with a web site's behavior. What did a web site do to identify someone, what type of information did it collect and after it collected information, what else
did the web site do with the information. IE6, however, has made privacy policies a technical matter.
Simply put, if a user with IE6 opens a web site, the browser will attempt to read the privacy policy file
(an XML file) that exists on the web site and match the user's preferences (tolerance) to the web site's
behavior (published policy).
Lost Pine has implemented the Platform for Privacy Preferences (P3P) Project recommendations in their simplest form. This can be done easily because Lost Pine does not use cookies. If you wish to do something similar, then the following examples and links to other web sites will help you become a P3P compatible web site.
Before embarking on the steps to add P3P to your site, keep in mind the seven areas of Information Privacy:
Notice - Clearly informing customers about what is being collected, why it is collected, who will receive the information, how it will be used and how the customer can contact you about the use.
Choice - Offering and honoring customer requests to opt-out of certain uses if sensitive information is used.
Onward Transfer - Ensuring that any other agent, contractor or 3rd party receiving the information agrees to the same terms as you have stated in your own policy.
Access - Providing customers physical access to their personal information.
Security - Taking reasonable precautions with the information.
Data Integrity - Ensuring that the information is reliable, accurate, complete and current for the use it was intended.
Enforcement - Taking steps to ensure the policies are adhered to via policy, training, and audit.
Lost Pine has a basic policy because it collects no personally identifiable information without a user's choice, no information is retained beyond the use it was collected, and no tracking cookies are used to identify the user. The only automatic data collection is the server logs that track web site performance. Logs have no personally identifiable information in them.
If you use cookies, Lost Pine's policy will not work for you. In addition to a more complex policy, you will need to also implement a COMPACT policy and you should first use the privacy links to fully understand what is required. The links below should provide sufficient information and access to tools so that you can implement P3P.
|
Full Policy File
Policy Reference File |
Lost Pine's XML Policy Files |
| World Wide Web Consortium (w3c) P3P Information |
This is the organization that is responsible for the world wide web standards. They have created a draft policy that is being circulated for industry review. |
| EPIC Tools Page |
EPIC is the Electronic Privacy Information Center, a consortium providing information and tools to assist in understanding privacy regulation and compliance. This link takes you to their TOOLS page. |
| IBM Policy Generation Tool |
IBM is currently working on a tool to automatically build the policies and create all of the necessary files to support P3P. The beta version of the tool is available free at this site. |
| SUN Microsystems |
The IBM Policy Editor is written in JAVA and you will need to download the latest JAVA engine from Sun. It is free for Windows platforms.
Go to the DOWNLOAD section. Look for JAVA[tm] 2 Platform,
Standard Edition[tm] |
| W3 Policy Validation |
This link takes you to a W3C web site that will test your site and provide diagnostics for your policies and reference file. |
| How to Create a Policy |
This is a link to the W3C site where instructions are given on how to create a policy, with or without IBM's tool. |
| Internet Explorer 6.0 |
Microsoft has information regarding how its Internet Explorer works with P3P. This link takes you to that site. |
| Ad-Aware |
A freeware download that will scan your system and
registry to automate the removal of cookies from sites notorious for
tracking. Ad-aware works similar to virus software in that periodic
updates are necessary to include new information on tracking habits of web
sites. |
| Bugnosis |
Recommended by the Privacy Foundation, Bugnosis will add a
button to your IE browser that analyses web pages for web bugs. Web
bugs are hidden code that can be used for tracking users, to reading your
email address books or worse. |
| AT&T's Privacy Bird |
AT&T has released a beta version of its Privacy Bird. This adds an icon that is a little bird in the upper right hand corner of IE browsers.
The bird will change from red (site is not compatible with your privacy
settings) to yellow (site is not P3P compatible) to green (site's P3P
policy meets your privacy requirements). Neat free feature if you
are concerned over third party cookies. |
| Privacy.net |
Privacy.net is an organization focusing on consumer
information. They have an interesting link off of their main page that
will give you an
analysis of your Internet connection
and provide you with a view of information that can be collected about you
from a web site. |
| |
