P3P Components, Deployment, Policy Creation - Part 1 of Chapter 5 from Web Privacy with P3P (5/6)
Web Privacy with P3P, Chapter 5: Overview and Options
Your policy should include enough detail to answer the questions you will have to answer to create a P3P policy. This will be covered in detail in the next chapter, but here's a basic outline of the information you should provide:
- The name and contact information for your company or organization.
- A statement about the kind of access you provide to individuals regarding information you hold about them.
- A statement about the privacy laws with which you comply, the privacy seal programs in which you participate, and other mechanisms available to your customers for resolving privacy disputes. This statement may also describe what remedies you offer should a privacy-policy breach occur.
- A description of how collected data is used and whether individuals can opt-in or opt out of any of these uses.
- Information about whether data may be shared with other companies and, if so, under what conditions and whether or not consumers can opt-in or opt-out of this.
- Information about your site's data-retention policy, if any. Do you make any commitments about purging records on a regular basis?
- Information about how consumers can take advantage of opt-in or opt-out opportunities.
Created: December 23, 2002
Revised: December 23, 2002