Privacy Policies
When the by-expression.com website was conceived and created, one of the features added was a forum. The forum requires people to be registered users before they can post, and cookies are used to keep track of whether the person is logged in or not.
This means that a privacy policy is required. You need a privacy policy not only to let people see what you are doing with the data you collect, but also because Internet Explorer 6 on Windows XP with Service Pack 2 installed will look for a compact privacy policy. If a policy is not found the person may be warned that there is no privacy policy. Not a very good introduction to your site. In addition, IE 6 and AOL browsers may block cookies from your site from being written or used if you do not have a P3P compliant policy.
The W3C has come up with the “Platform for Privacy Preferences Project”, or P3P for short, to provide a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. For more information see the brochure entitled “P3P Public Overview”.
There are two types of privacy policies:
- Human Readable: Usually an HTML web page written in terms the average web surfer can understand. Keep the language simple.
- Machine Readable: Read by the web browser, a machine readable privacy policy is usually called a “compact privacy policy” and is written in XML.
You should have both if you are setting cookies, but the human readable one is adequate for many web pages.
You need a privacy policy when:
- You sell something on your site.
- You have any sort of user registration whether for commenting on a blog or a forum.
- You have a contact form or provide an email address for visitors to ask questions.
Having said when you need a privacy policy, let me go on to say that you should always have at least a human readable privacy policy, even if the only thing you have is a visitor statistics analysis program. Something as simple as a hit counter can qualify as collecting visitor statistics.
Human Readable Privacy Policy
A human readable privacy policy is exactly what it says: one that a visitor can read. A link to it must be on any page where you collect information. That means any contact form page, any page with an email address and any page that you collect visitor stats from. For all practical purposes that means every page on your site.
What Should Your Human Readable Policy Contain?
Your HTML privacy page must state:
- The information you are collecting.
- Whether the information can be linked to an individual.
- How the information is used.
- What happens to the information you have collected.
- Whether it is shared with others.
- How the visitor can get identifiable information deleted from your records.
Site Statistics Only - No Uniquely Identifiable Information
For many websites the only information collected is anonymous information in the site logs. While the logs may contain search terms and referrer information, that is not information that can easily be traced to one identifiable visitor. In that case your privacy policy can be very simple. A short paragraph that says:
“We collect no uniquely identifiable information that can be linked to an individual.”
Contact Form or Email Address Only
Most websites have some method of contacting the site owner or webmaster. It may be a contact form or it may be an email address. In that case you need a slightly more complex HTML privacy policy. Something like:
“While we collect no uniquely identifiable information from this site's visitors unless the visitor voluntarily provides the information by using the (hyperlink) contact form or email address, information collected by the use of [insert method] will be used only to respond to the request sent and will not be maintained or shared once the purpose for which the contact was made has been completed.”
Machine Readable Privacy Policy
Machine readable privacy policies are written in XML and are frequently located in a folder named w3c on your website. That is where browsers will look by default for the compact privacy policy, in a file named p3p.xml, which will either contain your privacy policy itself or link to one or more privacy policies for your site. That's right, you may have more than one privacy policy. An example of when you may want more than one would be if you collected no identifiable information from the typical site visitor but did have a blog that allowed people who registered to submit comments. The blog could then have its own privacy policy, separate from the simple one used on the rest of the site.
While an XML file is easy to create and the syntax for a privacy policy is fairly simple (see "Make Your Web Site P3P Compliant: How to Create and Publish Your Company's P3P Policy (in 6 Easy Steps)"), it can be intimidating for many people. There are P3P generators available on the net, but very few of them are free.
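As an added example (not from the original article, and not the by-expression.com site's own files), here is what the two XML files described above might look like for a site that collects only anonymous log data on most pages but has a blog where registered users comment: the policy reference file at /w3c/p3p.xml, which maps URL paths and cookies to named policies, and the policy file it points to. The hostname www.example.com, the paths, the policy names "site" and "blog", the cookie name "session" and the contact details are all placeholders. One caveat worth knowing from the W3C P3P 1.0 specification: the file under /w3c/ is the policy reference file, not the compact policy; the compact policy is a short list of tokens sent in the P3P HTTP response header, and that header is what Internet Explorer 6 actually evaluates when deciding whether to accept a cookie. The equivalent header for the blog policy is shown in the comment at the end.

```xml
<!-- File 1: /w3c/p3p.xml  (policy reference file; placeholder site) -->
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <!-- Browsers may cache this file for one day before re-fetching it -->
    <EXPIRY max-age="86400"/>

    <!-- Anonymous policy: every URL on the site except the blog -->
    <POLICY-REF about="/w3c/policy.xml#site">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/blog/*</EXCLUDE>
    </POLICY-REF>

    <!-- Registered-user policy: the blog, and the login cookie it sets -->
    <POLICY-REF about="/w3c/policy.xml#blog">
      <INCLUDE>/blog/*</INCLUDE>
      <COOKIE-INCLUDE name="session" value="*" domain="www.example.com" path="/blog/"/>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>

<!-- File 2: /w3c/policy.xml  (the full policies the reference file points to) -->
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">

  <!-- "site": anonymous log data only, matching the one-sentence human readable policy -->
  <POLICY name="site" discuri="http://www.example.com/privacy.html">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">Example Site (placeholder)</DATA>
        <DATA ref="#business.contact-info.online.email">webmaster@example.com</DATA>
      </DATA-GROUP>
    </ENTITY>
    <!-- Nothing identifiable is kept, so there is nothing to grant access to -->
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/><admin/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP>
        <!-- Click-stream and user-agent data are what a hit counter or log analyser sees -->
        <DATA ref="#dynamic.clickstream"/>
        <DATA ref="#dynamic.http.useragent"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>

  <!-- "blog": registered commenters; identifiable data plus a login cookie -->
  <POLICY name="blog" discuri="http://www.example.com/blog/privacy.html">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">Example Site (placeholder)</DATA>
        <DATA ref="#business.contact-info.online.email">webmaster@example.com</DATA>
      </DATA-GROUP>
    </ENTITY>
    <!-- Registered users can view and correct their own contact details -->
    <ACCESS><ident-contact/></ACCESS>
    <!-- Where a visitor can ask for corrections or deletion, as the human readable policy promises -->
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="service" service="http://www.example.com/blog/privacy.html">
        <REMEDIES><correct/></REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <CONSEQUENCE>Registering lets you post comments; a cookie keeps you logged in.</CONSEQUENCE>
      <PURPOSE><current/><admin/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.login.id"/>
        <DATA ref="#user.home-info.online.email"/>
        <!-- dynamic.cookies is a variable-category element, so CATEGORIES must be listed -->
        <DATA ref="#dynamic.cookies">
          <CATEGORIES><uniqueid/><state/></CATEGORIES>
        </DATA>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>

<!-- Compact form of the "blog" policy, sent as an HTTP response header with the cookie:
     P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa OUR IND UNI STA ONL"
     IDC = ident-contact access, DSP/COR = disputes with correction remedy,
     CURa/ADMa = current and admin purposes (always), OUR = recipient ours,
     IND = retained indefinitely, UNI/STA/ONL = uniqueid, state and online data categories -->
```

The compact header must be emitted by the web server, not placed in a file; on Apache with mod_headers enabled, a line such as `Header set P3P 'policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa OUR IND UNI STA ONL"'` in the blog's configuration block does it. Whatever you put in the compact policy must agree with the full XML policy, since the W3C validator checks both, and a mismatch is a stronger signal of carelessness than having no policy at all.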
These are not free, but they may generate more complex P3P statements better; I should note that I have not tried them:
- IBM's P3PEditor - $499 for the tool; it requires Java and a 90 day trial is available.
- Customer Paradigm - $225 per site, includes uploading and support.
- PrivacyBot.com - $100 per site.
- P3PWriter - $39.95 per site, includes a year of support. They also include a cookie wizard and policy validator, but you must buy your privacy policy from them to use them.
- P3PEdit - $34.95 per site; their support and options look good for the price.
- P3Pbuilder - $29.95 per site and includes one year of support.
Validate Your Privacy Policy
The simplest way to validate your privacy policy is to use the W3C P3P Validator.