P3P Components, Deployment, Policy Creation - Part 1 of Chapter 5 from Web Privacy with P3P (4/6) | WebReference


Web Privacy with P3P, Chapter 5: Overview and Options

Creating a Privacy Policy

Some companies have had privacy policies for many years; however, since the mid-1990s, an increasing number of companies have adopted privacy policies and posted these policies on their web sites. In the U.S. this push for privacy policies has been driven largely by the FTC's frequent reports on the number of web sites with privacy policies and by industry self-regulatory efforts. If your company doesn't yet have a privacy policy, now is the time to consider writing one. If you're reading this book, you probably already knew that--but just to be clear, if you want to use P3P on your web site, you must have a privacy policy for your web site! You may want to write a privacy policy that covers your entire business rather than just your web site, but at minimum you must have a web site privacy policy if you want to P3P-enable your site.

Because a privacy policy is a commitment from your company, you should think about it the way you think about any other contract into which your company enters. Don't commit to terms you don't intend to meet, and make sure the appropriate managers and legal counsel sign off on it before you publish it. After you write a privacy policy, it's a good idea to review your internal corporate processes to ensure that they are consistent with your policy and to put procedures in place to make sure that all employees are aware of it and follow it. You may want to undergo a periodic privacy audit to make sure your company is following its policy. You can conduct a self-audit or hire a consulting firm that specializes in privacy audits.

You might also consider using software tools that can help automate the process of monitoring your own web site with respect to privacy. See, for example, Intelytics Site Sentinel (http://www.intelytics.com/site/index.jsp), the PrivacyWall family of products from Idcide (http://www.idcide.com), the WebCPO product from Watchfire (http://www.watchfire.com), and the Tivoli products from IBM (http://www.tivoli.com). Also, the Zero-Knowledge P3P Analyzer (http://p3p.zeroknowledge.com) helps sites track their P3P compact policies. These tools won't guarantee that you don't make a mistake, but they will make it easier to spot problems quickly.

TIP: Anyone who can edit files on your web server might be running applications that set cookies or collect data from web site visitors. Make sure that you communicate with all of these people, so that you understand their data practices and they understand your corporate privacy policy.



Created: December 23, 2002
Revised: December 23, 2002

URL: http://webreference.com/authoring/p3p/chap5/1/4.html