Home arrow Site Administration arrow Page 3 - Understanding P3P

Data Overload - Administration

Worried about greedy online merchants snooping around your harddrive when you visit their e-stores? Wondering how much personalinformation a site actually collects and stores about you? You might beinterested in P3P, an upcoming privacy standard that hopes to bring greatertransparency to the way personal information is used over the Web.

  1. Understanding P3P
  2. Private Thoughts
  3. Data Overload
  4. Off Target
  5. Endgame
By: Vikram Vaswani, (c) Melonfire
Rating: starstarstarstarstar / 1
January 03, 2002

print this article


Here's an example of a simple policy:
<policy name="feedback"
<!-- who's collecting the information? -->
<data ref="#corp.name">Melonfire</data>
<data ref="#corp.email">melonfire@mail.com</data>
<!-- statement explaining the type of information collected, and why? -->
<purpose><develop required="always" /></purpose>
<consequence>Melonfire uses your feedback to improve its content
quality. </consequence>
<retention><no-rentention /></retention>
<data ref="#visitor.name" optional="yes" />
<data ref="#visitor.email" optional="no"/>
<!-- how much of it is shared with others? -->
<access><none /></access>
<!-- how are disputes resolved? -->
<disputes resolution-type="service"
service="http://www.melonfire.com/cs/" short-description="Melonfire
Customer Support">
This may look complicated, but it's actually pretty simple. The document is broken up into distinct sections, each one serving a particular purpose. Every policy begins and ends with <policy> tags; a single document may contain more than one policy, each one identified by a unique "name" attribute and a URL identifying the English-language version of the policy statement.

Within a policy, the <entity> section identifies the entity requesting the information (Melonfire), together with contact details. Next, the <statement> section explains why the information is being collected (in this case, for further development or improvement of the site), together with a list of the data elements collected (name and email address), how long they're stored for (not too long), and who uses it (the site owners only). The <access> element, which is mandatory, explains who has access to the data collected, while the <disputes-group> element provides information on the site's dispute resolution policy.

In case you're wondering where the element names and values come from, most of them are defined and explained in the P3P specification. I won't get into the details of all the options here - you should look at the P3P specification if you're interested - though I will tell you that the choices presented are quite exhaustive, enabling a Web service provider to describe a site's privacy policy in all relevant detail.

>>> More Site Administration Articles          >>> More By Vikram Vaswani, (c) Melonfire

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Coding: Not Just for Developers
- To Support or Not Support IE?
- Administration: Networking OSX and Win 7
- DotNetNuke Gets Social
- Integrating MailChimp with Joomla: Creating ...
- Integrating MailChimp with Joomla: List Mana...
- Integrating MailChimp with Joomla: Building ...
- Integrating MailChimp with Joomla
- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup

Developer Shed Affiliates


Dev Shed Tutorial Topics: