Site Administration Page 3 - Understanding P3P
Here's an example of a simple policy:

    <policies>
      <policy name="feedback" discuri="http://www.melonfire.com/w3c/feedback_policy.html">

        <!-- who's collecting the information? -->
        <entity>
          <data-group>
            <data ref="#corp.name">Melonfire</data>
            <data ref="#corp.email">melonfire@mail.com</data>
          </data-group>
        </entity>

        <!-- statement explaining the type of information collected, and why? -->
        <statement>
          <purpose><develop required="always" /></purpose>
          <consequence>Melonfire uses your feedback to improve its content quality.</consequence>
          <recipient><ours/></recipient>
          <retention><no-retention /></retention>
          <data-group>
            <data ref="#visitor.name" optional="yes" />
            <data ref="#visitor.email" optional="no"/>
          </data-group>
        </statement>

        <!-- how much of it is shared with others? -->
        <access><none /></access>

        <!-- how are disputes resolved? -->
        <disputes-group>
          <disputes resolution-type="service" service="http://www.melonfire.com/cs/" short-description="Melonfire Customer Support">
            <remedies><correct/></remedies>
          </disputes>
        </disputes-group>

      </policy>
    </policies>

This may look complicated, but it's actually pretty simple. The document is broken up into distinct sections, each one serving a particular purpose.

Every policy begins and ends with <policy> tags; a single document may contain more than one policy, each one identified by a unique "name" attribute and a URL identifying the English-language version of the policy statement.

Within a policy, the <entity> section identifies the entity requesting the information (Melonfire), together with contact details.

Next, the <statement> section explains why the information is being collected (in this case, for further development or improvement of the site), together with a list of the data elements collected (name and email address), how long they're stored for (not too long), and who uses them (the site owners only).

The <access> element, which is mandatory, explains who has access to the data collected, while the <disputes-group> element provides information on the site's dispute resolution policy. In case you're wondering where the element names and values come from, most of them are defined and explained in the P3P specification. I won't get into the details of all the options here - you should look at the P3P specification if you're interested - though I will tell you that the choices presented are quite exhaustive, enabling a Web service provider to describe a site's privacy policy in all relevant detail.
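
The structure walked through above can be checked mechanically before a policy file is published. The following is an added example, not code from the original article: it reads a policy document in the article's format, lists which data elements are required and which are optional, and refuses a policy that lacks the mandatory <access> element. The function names and the DOCTYPE rejection are assumptions of this example, and the sample input is constructed from the article's policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the article's "feedback" policy.
SAMPLE = """<policies>
 <policy name="feedback" discuri="http://www.melonfire.com/w3c/feedback_policy.html">
  <entity><data-group><data ref="#corp.name">Melonfire</data></data-group></entity>
  <statement>
   <purpose><develop required="always"/></purpose>
   <recipient><ours/></recipient>
   <retention><no-retention/></retention>
   <data-group>
    <data ref="#visitor.name" optional="yes"/>
    <data ref="#visitor.email" optional="no"/>
   </data-group>
  </statement>
  <access><none/></access>
 </policy>
</policies>"""

def children(node, path):
    """Tag names of the children of the first element matching `path`."""
    parent = node.find(path)
    return [] if parent is None else [c.tag for c in parent]

def summarize(xml_text):
    """Return one dict per <policy>; raise ValueError if <access> is missing."""
    if "<!DOCTYPE" in xml_text:  # assumption: policy files need no DTD or entities
        raise ValueError("DOCTYPE not allowed in a policy file")
    out = []
    for pol in ET.fromstring(xml_text).iter("policy"):
        name = pol.get("name")
        if pol.find("access") is None:  # the article calls <access> mandatory
            raise ValueError(f"policy {name!r} has no <access> element")
        data = pol.findall("statement/data-group/data")
        entity = pol.findall("entity/data-group/data")
        out.append({
            "name": name,
            "discuri": pol.get("discuri"),
            "entity": {d.get("ref"): d.text for d in entity},
            "purpose": children(pol, "statement/purpose"),
            "recipient": children(pol, "statement/recipient"),
            "retention": children(pol, "statement/retention"),
            "access": children(pol, "access"),
            # a <data> element without optional="yes" is treated as required
            "required": [d.get("ref") for d in data if d.get("optional") != "yes"],
            "optional": [d.get("ref") for d in data if d.get("optional") == "yes"],
        })
    return out
```

Calling summarize(SAMPLE) returns a single dictionary for the "feedback" policy, which makes it easy to compare what the machine-readable policy declares against what the site's forms actually collect.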