U.S. Department of Commerce - PowerPoint PPT Presentation

1 / 32

About This Presentation

Title:

U.S. Department of Commerce

Description:

The privacy policy statements of all Commerce Web sites must notify Web site ... www.tigerdirect.com FALSE / FALSE 1089172972 MyEmail myname_at_domain.net. ... – PowerPoint PPT presentation

Number of Views:89

Avg rating:3.0/5.0

Slides: 33

Provided by: weba6

Category:

more less

Transcript and Presenter's Notes

Title: U.S. Department of Commerce

1
Privacy Provisions of the E-Government Act of
2002 Section 208

U.S. Department of Commerce
Web Advisory Group
http//www.osec.doc.gov/webresources/

Privacy Policy Requirement Changes
The "Privacy Statement" or "Privacy Notice" must
now be renamed "Privacy Policy"
The privacy policy statements of all Commerce Web
sites must notify Web site visitors of their
rights under the Privacy Act. This requirement
applies regardless of whether the Web site uses
or collects any Privacy Act information, or
indeed, any information at all.
The privacy policy statement must inform users
how to grant consent to use of voluntarily-provide
d information.
When an agency Web site requests that a user
provide voluntary information, it must explicitly
inform the user that providing the information is
voluntary.

The privacy policy statement must include, in
clear language, information about management,
operation, and technical controls ensuring the
security and confidentiality of personally
identifiable records, and, in general terms,
information about any additional safeguards used
to identify and prevent unauthorized attempts to
access or cause harm to information and systems
The policy on use of persistent cookies is
extended to include any persistent tracking
technology. Therefore, prior to use of any such
technology, approval must be obtained from the
Secretary of Commerce in the same fashion as for
persistent cookies.
Both a human readable Privacy Policy and agency
use of machine readable technology that alerts
users automatically about whether site privacy
practices match their personal privacy
preferences.

4
Isnt the Text Version Enough?

Isnt the Text Version Enough?
Most users do not see the text privacy policy
until after they have visited one or more of the
sites pages.
Text privacy policies are sometimes difficult for
users to locate, too lengthy for users to read,
difficult to understand, and can change without
notice.

5
Machine-Readable Policy

Machine-Readable Policy
The Platform for Privacy Preferences Project
(P3P) is the standard for machine-readable
Privacy Policy.
P3P enables web sites to translate their privacy
practices into a standardized format (Extensible
Markup Language - XML) that can be retrieved
automatically and easily interpreted by a user's
browser.

6
What Does P3P Address?
What Does P3P Address?

Who is collecting data?
What data is collected?
For what purpose will data be used?
Is there an ability to opt-in or opt-out of some
data uses?
Who are the data recipients (anyone beyond the
data collector)?

To what information does the data collector
provide access?
What is the data retention policy?
How will disputes about the policy be resolved?
Where is the human-readable Privacy Policy?

7
What P3P Does Not Address

What P3P Does Not Address
P3P does not set minimum standards for privacy
nor can it monitor compliance with stated policy.
Certain types of cookies can be blocked based
on type of cookie but not based on content of
information in them.
Implementation varies among browsers.
None go beyond cookies at this time.

8
The Machine Readable Privacy Policy - XML
The Machine Readable Privacy Policy (XML Format)

An XML format for expressing a privacy policy
Using a standard P3P base data schema
The policy reference file includes the following
statements
The URL where a P3P policy is found
The URLs or regions of URL-space included or
excluded by this policy
The cookies that are or are not covered by this
policy
The period of time for which these claims are
considered to be valid

9
Location of the machine readable file

The location of the machine readable policy file
can be indicated using one of the following
At the server level
may be located in a predefined "well-known"
location (well known to the browser),
http//www.agency.gov/w3c/p3p.xml
through an HTTP header
At the web page level
a document may indicate a policy reference file
through an HTML link tag or XHTML link tag

10
Machine Readable Policy Tools

Machine Readable Policy Tools
Free editor tools
HiSoftware P3P Builder
www.hisoftware.com/access/valueaddp3p.html
IBM alphaWorks P3P Policy Editor
www.alphaworks.ibm.com/tech/p3peditor
Validator Tool
www.w3.org/P3P/validator.html

11
How Does P3P Work?
How Does P3P Work?
12
How Users Are Notified
How Users Are Notified Web Browser Alerts Web
visitors who want to take advantage of P3P
enabled sites have to set their personal privacy
preferences in their web browser.
13
Browser Support

Browser Support
Browser implementation of P3P is concerned with
the issue of cookies
When the browser encounters a cookie from a web
page that either does not have a compact P3P
policy, or that has a P3P policy that does not
match the users privacy preferences, the user is
alerted via icons.
Browsers supporting Compact P3P Policy
Netscape 7
Mozilla
Internet Explorer 6
ATT Privacy Bird (Plug-in for Internet Explorer)

14
Cookies

Cookies
Cookies are information stored by a server on a
visitors computer during their first visit to
the site and used on subsequent visits to the
site.
This may be information obtained without asking
(e.g., viewing habits), or information provided
by the user (name, preferences).
The server records this information in a text
file and stores this file on the visitor's hard
drive.
What do your cookies say about you? Search your
computer for the cookie files You might be
surprised.

15
Example of Cookies

Example of Cookies
Netscape HTTP Cookie File
http//www.netscape.com/newsref/std/cookie_spec.
html
This is a generated file! Do not edit.
home.frontiernet.net FALSE / FALSE 1089259125 regi
onid 1
home.frontiernet.net FALSE / FALSE 1089259125 stat
eabb WV
home.frontiernet.net FALSE / FALSE 1089259125 npa
304
home.frontiernet.net FALSE / FALSE 1089259125 city
CharlesTown
.mp3.com TRUE / FALSE 1293839999 RMID 8c5a18333f09
c160
.2o7.net TRUE / FALSE 1234755376 s_vi_bzbx7Bmfehkf
CSv43F09DC8800001DFF-A000A4A000000014032DDB1
CE
.2o7.net TRUE / FALSE 1234755376 s_vi_nvnwhg CSv
43F09DC8800001DFF-A000A4A000000014032DDB1CE
.2o7.net TRUE / FALSE 1220907114 s_vi_cx7Bczccdfx6
0x7Fl CSv33F09DC8800001DFF-A000A4A000000013F5F
8EC23F09DC883F5F8EC33F5F8EFE2400ltx0AGKIx
04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGAltx0
AGKIx04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGA
CE
.2o7.net TRUE / FALSE 1220907114 s_sv_cx7Bczccdfx6
0x7Fl CSv23F5F8EFECE
.2o7.net TRUE / FALSE 1234755376 s_vi_cx7Bczxxfifx
60x7Fl CSv43F09DC9B00003CC3-A000A4F00000001403
2DDB1CE
www.tigerdirect.com FALSE / FALSE 1089172972 MyEma
il myname40domain2Enet
.bizrate.com TRUE / FALSE 1373027937 br 1057667905
47740314
.bizrate.com TRUE / FALSE 1373027937 eval 10576679
0547766748
.bizrate.com TRUE / FALSE 1373027937 survey 23939_
2003_Jul_8

16
Location of Cookie Files

Location of Cookie Files
In Internet Explorer cookie files are in the
cookies folder
C\Documents and Settings\user\Cookies

How to Delete Cookies From Internet Explorer -
Microsoft Knowledge Base http//support.microsoft
.com/default.aspx?scidkbEN-US278835

In Netscape cookies are stored in a file named
cookie.txt

17
How Cookies and Browsers Interact

How Cookies and Browsers Interact
By default, browsers allow the use of cookies.
You can change your privacy settings so that your
browser
Will ask you before placing a cookies on your
computer, or
Will prevent the browser from accepting any
cookies, or
Will handle First- and Third- Party cookies
differently
You can specify how you want to handle cookies
from individual web sites or all web sites

18
Persistent Cookie

Persistent Cookie
stored on your computer
remains there when you close your browser
can be read by the web site that created it when
you visit that site again.

19
Temporary or Session Cookie

Temporary or Session Cookie
stored on your computer
retained only for your current browsing session
deleted from your computer when you close your
web browser.

20
Unsatisfactory Cookie

Unsatisfactory Cookie
might allow access to personally identifiable
information
information could be used for a secondary purpose
without your consent.

21
First-Party Cookie

First-Party Cookie
either originates on or is sent to the web site
you are currently viewing
commonly used to store information such as your
preferences, for use when you re-visit the site

22
Third-Party Cookie

Third-Party Cookie
either originates on or is sent to a web site
different from the one you are currently viewing
commonly used to track your web page use for
advertising or other marketing purposes
Example site xyz.com uses content from site
123.com. Site 123.com uses a cookies to track web
page views and use by visitors to xyz.com

23
Setting Netscape 7 Preferences
Setting Netscape 7 Preferences
24
Netscape 7 Notification
Netscape 7 Notification
A warning appears when the browser encounters a
cookie that either does not have a compact P3P
policy or has a P3P policy that does not match
the browser preferences
25
Setting Mozilla Preferences
Setting Mozilla Preferences
26
Setting IE 6 Preferences
Setting IE 6 Preferences
27
IE6 Notification
IE6 Notification
A warning appears when the browser encounters a
cookie that either does not have a compact P3P
policy or has a P3P policy that does not match
the browser preferences
28
IE 6 Privacy Reports
IE 6 Privacy Reports
29
ATT Privacy Bird
ATT Privacy Bird A free plug-in for Internet
Explorer 6
Green Bird
Yellow Bird
Red Bird
Audible Notifications
30
To Assist DOC Web Developers

To Assist DOC Web Developers
Web Advisory Group will post guidance on the WAG
site to help webmasters meet the December 2004
deadline (http//www.osec.doc.gov/webresources/)
Links to various tools we have tested
Examples
How to" information
Reference materials (W3C)

31
Reference Materials