Voluntary Solutions - HTML

As previously mentioned, the United States tends to have less stringent laws regarding policies than the EU, but generally companies and organizations, especially those with substantial sites, carry privacy notices anyway. One of the most important guidelines to emerge in recent years that can help organizations develop a policy “template” is the Platform for Privacy Preferences Project from the World Wide Web Consortium (W3C), which incorporates many of the procedures developed for the EU’s Directive on the Protection of Personal Data.

Platform for Privacy Preferences project
The Platform for Privacy Preferences (P3P) is a specification developed by the W3C that helps a Web site develop and implement privacy policies in a standardized way and provide these policies in a machine-readable format. Not surprisingly, the specification relies on XML, which is very handy because it means your policy development can be both simple and easy to transmit.

P3P general syntax
Like any XML, the case of the elements is important, so it’s not policy or Policy, it’s POLICY. If you look at Listing , you can see that the XML vocabulary used for P3P is very intuitive.
An Example of a P3P Policy Generated in XML

Listing shows a limited number of STATEMENT elements, but you can use one for every instance of data collection that exists on your Web site. Each instance is described by a STATEMENT element and abstracted using a CONSEQUENCE element.

P3P processes
P3P is currently in Working Draft, which means you can expect changes in its syntax. However, it is still a useful guide in developing privacy policies. For example, just perusing the specification’s table of contents reveals an outline that reflects much of what you’ve learned in this chapter about both the European approach to privacy and the American approach to privacy regarding information gathering on children (the two of which are quite similar). The core steps in implementing P3P will by now look familiar:

  1. Identify the Entity (using the ENTITY element)—who you are and how a user can contact you.
  2. Disclose where your policy lives on your site using the discuri attribute of the POLICY element.
  3. Provide assurances that you are doing what you say by naming the entities that are providing proof of your claims, using the DISPUTES element.
  4. Provide information on the kind of data you are collecting and how you are collecting it using the DATA-GROUP element.
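
The four steps above can be checked mechanically against a policy file. The following is an added example, not a listing from the original page: the sample policy is constructed, `audit_policy`, `has` and `local` are hypothetical helper names, and element or attribute names beyond those the page lists (DISPUTES-GROUP, DATA, `resolution-type`, `service`) are assumed from the published P3P 1.0 vocabulary.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the original page); names and URLs are placeholders.
SAMPLE_POLICY = """\
<POLICY name="sample" discuri="http://www.example.com/privacy.html">
  <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Corp</DATA></DATA-GROUP></ENTITY>
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="independent" service="http://seal.example.org/"/>
  </DISPUTES-GROUP>
  <STATEMENT>
    <CONSEQUENCE>We log page requests to keep the site running.</CONSEQUENCE>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
</POLICY>
"""
EXPECTED = {"POLICY", "ENTITY", "DISPUTES", "STATEMENT", "CONSEQUENCE", "DATA-GROUP", "DATA"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any '{namespace}' prefix

def has(parent, name):
    return any(local(e.tag) == name for e in parent.iter())

def audit_policy(xml_text):
    """Return a list of findings; an empty list means all four steps are covered."""
    root = ET.fromstring(xml_text)
    names = sorted({local(e.tag) for e in root.iter()})
    # XML is case-sensitive: <policy> is a different (unknown) element from <POLICY>.
    findings = [f"wrong case: <{n}> should be <{n.upper()}>"
                for n in names if n.upper() in EXPECTED and n not in EXPECTED]
    policy = next((e for e in root.iter() if local(e.tag) == "POLICY"), None)
    if policy is None:
        return findings + ["no POLICY element found"]
    if not has(policy, "ENTITY"):
        findings.append("step 1: no ENTITY element")
    if not policy.get("discuri", "").strip():
        findings.append("step 2: POLICY has no discuri attribute")
    if not has(policy, "DISPUTES"):
        findings.append("step 3: no DISPUTES element")
    statements = [e for e in policy.iter() if local(e.tag) == "STATEMENT"]
    if not statements:
        findings.append("step 4: no STATEMENT element")
    for i, st in enumerate(statements, 1):
        if not any(local(g.tag) == "DATA-GROUP" and has(g, "DATA") for g in st.iter()):
            findings.append(f"step 4: STATEMENT {i} has no DATA-GROUP with DATA")
        if not has(st, "CONSEQUENCE"):  # the page pairs each STATEMENT with a CONSEQUENCE
            findings.append(f"STATEMENT {i} has no CONSEQUENCE")
    return findings

print(audit_policy(SAMPLE_POLICY) or "all four steps covered")
```

Running the same check on a file whose tags were typed in lower case reports each miscased element, which is the mistake the case-sensitivity rule above warns about.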

Because P3P is based on XML, a P3P policy can be embedded in a Web Services Description Language (WSDL) document.

Incorporating a Generic P3P Attribute in a WSDL File

Listing uses a “generic” attribute that can be embedded into other XML vocabularies. You can then develop an XSLT style sheet to transform the file into HTML.

Generating P3P files the easy way
Nobody would be too surprised to find out that you don’t want to learn a new vocabulary just to generate some privacy policies. Luckily, several P3P editors are available that will generate the files for you:

  • IBM P3P Policy Editor
  • PrivacyBot.com
  • For Japanese language sites, Iajapan’s Privacy Policy Wizard
  • P3PEdit
  • Customer Paradigm’s P3P Privacy Policy Creation

These save you the trouble of learning the new syntax. However, it does help to have a general understanding of how the syntax works, because you may find yourself editing small portions of a file in a text editor after it has been completed and uploaded to your server.

Certification and seal programs
A number of privacy and certification sites will guarantee the authenticity of software downloads coming from your site and provide assurances to users of your site that your Web site adheres to the highest privacy and trust standards. These include the following:

  • TRUSTe. “TRUSTe Privacy Seals are committed to abiding by a privacy policy that gives users notice, choice, access, security, and redress with regard to their personal information,” according to the company’s Web site at www.truste.org. The company offers seals for demonstrating compliance with the American Children’s Online Privacy Protection Act, EU guidelines, and health-based privacy issues.
  • The Better Business Bureau Online Privacy Seal demonstrates compliance for businesses wishing to adhere to Better Business Bureau standards (www.bbbonline.org/privacy).
  • E-Safe is a fee-based service that provides privacy certification seals to Web sites that meet its privacy guidelines.
  • Guardian eCommerce Security provides ratings and an approval program for Web sites.
  • Privacy Secure, Inc. runs a credit check on your company or organization (or your client’s, if you’re developing as a vendor), reviews any complaints with the Better Business Bureau, and reviews your online payment system.
  • PrivacyBot.com, in addition to helping you create P3P-based privacy policy files, registers your site and offers a “Trustmark” that indicates compliance with established privacy trends.
  • SecureBiz provides an Online Privacy Seal.
  • Web Trust provides Web site auditing services.
  • Verisign provides layers of security and authentication for secure Web sites.
  • Generates seals of authenticity for software downloads from your Web site.
