P3P Components, Deployment, Policy Creation - Part 1 of Chapter 5 from Web Privacy with P3P (5/6) | WebReference


Web Privacy with P3P, Chapter 5: Overview and Options

So how do you get started? The first thing to do is to determine which people in your company need to be involved in preparing and approving a privacy policy. This will probably include some high-level managers and attorneys and might also include representatives from the teams within your company that are responsible for running your web site and for collecting and maintaining personal data (on customers, employees, or anyone else). It is also helpful to review privacy policies from similar companies as well as any privacy guidelines that are relevant to your industry. Many industry associations have drafted such guidelines and have them available on their web sites.

Your team of privacy-policy drafters first needs to determine the scope of your new policy--will it be a comprehensive policy, a policy for just your web site, or a policy for some subset of your business? Next, review your current practices. What would your policy look like if you were to simply document your current information practices? Now, look toward the future. If your company is interested in earning a reputation for protecting customers' privacy, you may want to commit to improving your practices by reducing the amount of data you collect, how long you keep it, or how widely you share it. You may also want to improve your security precautions or offer your customers more choices about how their data is used (opt-in or opt-out options). On the other hand, you may anticipate new products or services that your company may offer that will require data practices that are not adequately addressed by documenting only current practices. This is where your company needs to make some policy choices and decide what sort of privacy policy you are willing to commit to and follow. While it is possible to change your company's policy as your business changes, you should plan to do so only occasionally, because doing it properly is a huge amount of work. In addition, you should plan on asking your customers for their informed consent before using data collected under an old policy in ways that are described only in the new policy.

Your policy should include enough detail to answer the questions you will have to answer to create a P3P policy. This will be covered in detail in the next chapter, but here's a basic outline of the information you should provide:



Created: December 23, 2002
Revised: December 23, 2002

URL: http://webreference.com/authoring/p3p/chap5/1/5.html