- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Mon, 01 Aug 2011 18:17:51 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/privacy-practices
In directory hutz:/tmp/cvs-serv2209
Modified Files:
Overview.html FPWD.html
Log Message:
additional revisions based on comments from Josh; update to WD-NOTE
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/privacy-practices/Overview.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- Overview.html 20 Jul 2011 09:40:55 -0000 1.16
+++ Overview.html 1 Aug 2011 18:17:49 -0000 1.17
@@ -6,7 +6,7 @@
<script src='../ReSpec.js/js/respec.js' class='remove'></script>
<script class='remove'>
var respecConfig = {
- specStatus: "NOTE",
+ specStatus: "WD-NOTE",
shortName: "app-privacy-bp",
editors: [
{ name: "Frederick Hirsch", company: "Nokia", companyURL:
@@ -16,7 +16,7 @@
// previousPublishDate: "1977-03-15",
edDraftURI: "http://dev.w3.org/2009/dap/privacy-practices/",
// lcEnd: "2009-08-05",
- // noRecTrack: true,
+ noRecTrack: true,
};
</script>
<script src='../common/config.js' class='remove'></script>
@@ -60,7 +60,7 @@
[[PRIVACY-BY-DESIGN]].</p>
<div class="practice">
<p>
- <span id="bp-privacy-by-design" class="practicelab">Follow "Privacy By Design" principles</span></p>
+ <span id="bp-privacy-by-design" class="practicelab">Follow "Privacy By Design" principles</span>.</p>
<p class="practicedesc">
Proactively consider privacy, make preservation of
privacy the default, including privacy in a
@@ -156,7 +156,7 @@
Focus on usability should improve a service as well as
making it easier for a user to understand and control use of their
personal information. Minimize use of modal dialogs as they
- harm the user experience and many users will not know how to
+ harm the user experience and many users will not understand how to
respond to prompts, choosing a choice that enables them to
continue their work
[[GEOLOCATION-PRIVACY]].
@@ -169,9 +169,9 @@
potential privacy concerns.
</span></p>
<p class="practicedesc">
- The end user should know if information is being used
+ The end user should understand if information is being used
by the service itself or being shared with a third
- party, especially when 3rd party services are
+ party, especially when third party services are
involved in a "mashup".
</p>
</div>
@@ -179,10 +179,10 @@
<p><span id="bp-clarify-one-shot-or-repeated"
class="practicelab">Be clear as to whether information is
needed on a one-time basis or is necessary for a period of
- time.
+ time and for how long.
</span></p>
<p class="practicedesc">
- The end user should know whether information collected is
+ The end user should understand whether information collected is
for a single use or will be retained and have an impact over time.
</p>
</div>
@@ -200,12 +200,13 @@
items at the
minimum level of detail needed to provide a service.</span></p>
<p class="practicedesc">
- As an example, an address book record is not the
+ As an example, an address book entry is not the
natural level of granularity as a user may wish to
- share different individual address
- book fields differently. Thus the natural level of
- granularity in an address book is the field and no
- more than the necessary fields should be returned in
+ share various individual address
+ book fields independently. Thus the natural level of
+ granularity in an address book is a field and no
+ more than the necessary fields should be provided in
+ response to
an address book entry request.
</p>
</div>
@@ -259,6 +260,21 @@
</p>
</div>
</section>
+ <section id="access-log">
+ <h2>Control and log access</h2>
+ <section id="access-control">
+ <p>Control access to information and support audit with logging.
+ </p>
+ <div class="practice">
+ <p><span id="bp-audit-log"
+ class="practicelab">Control and log access to data.</span></p>
+ <p class="practicedesc">
+ Control access to information through access controls and
+ log access.
+ </p>
+ </div>
+ </section>
+ </section>
<section id='bp-summary'></section>
</body>
</html>
Index: FPWD.html
===================================================================
RCS file: /sources/public/2009/dap/privacy-practices/FPWD.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- FPWD.html 20 Jul 2011 09:44:34 -0000 1.7
+++ FPWD.html 1 Aug 2011 18:17:49 -0000 1.8
@@ -1,17 +1,15 @@
<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html lang="en" dir="ltr">
<head>
-
-
<title>Web Application Privacy Best Practices</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
- <link charset="utf-8" type="text/css" rel="stylesheet" href="../ReSpec.js/css/respec.css"><link charset="utf-8" type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/W3C-NOTE"></head><body style="display: inherit;"><div class="head"><p><a href="http://www.w3.org/"><img src="http://www.w3.org/Icons/w3c_home" alt="W3C" height="48" width="72"></a></p><h1 class="title" id="title">Web Application Privacy Best Practices</h1><h2 id="w3c-note-02-august-2011">W3C Note 02 August 2011</h2><dl><dt>This version:</dt><dd><a href="http://www.w3.org/TR/2011/NOTE-app-privacy-bp-20110802/">http://www.w3.org/TR/2011/NOTE-app-privacy-bp-20110802/</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/app-privacy-bp/">http://www.w3.org/TR/app-privacy-bp/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2009/dap/privacy-practices/">http://dev.w3.org/2009/dap/privacy-practices/</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editor:</dt><dd><span>Frederick Hirsch</pan>, <a href="http://www.nokia.com/">Nokia</a></dd>
+ <link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css" charset="utf-8"></head><body style="display: inherit; "><div class="head"><p><a href="http://www.w3.org/"><img width="72" height="48" src="http://www.w3.org/Icons/w3c_home" alt="W3C"></a></p><h1 class="title" id="title">Web Application Privacy Best Practices</h1><h2 id="w3c-working-draft-02-august-2011">W3C Working Draft 02 August 2011</h2><dl><dt>This version:</dt><dd><a href="http://www.w3.org/TR/2011/WD-app-privacy-bp-20110802/">http://www.w3.org/TR/2011/WD-app-privacy-bp-20110802/</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/app-privacy-bp/">http://www.w3.org/TR/app-privacy-bp/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2009/dap/privacy-practices/">http://dev.w3.org/2009/dap/privacy-practices/</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editor:</dt><dd><span>Frederick Hirsch</span>, <a href="http://www.nokia.com/">Nokia</a></dd>
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2011 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p><hr></div>
- <div class="introductory section" id="abstract"><h2>Abstract</h2>
+ <div id="abstract" class="introductory section"><h2>Abstract</h2>
This document describes privacy best practices for web
applications, including those that might use device
APIs.
@@ -23,33 +21,33 @@
eventually publish a stabilized version of this document as a W3C
Working Group Note.
</p>
- <p>This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs and Policy Working Group</a> as a Note. If you wish to make comments regarding this document, please send them to <a href="mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href="mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All feedback is welcome.</p><p>Publication as a Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/43696/status" rel="disclosure">public list of any patent disclosures</a> mae in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the W3C Patent Policy</a>.</p></div><div class="section" id="toc"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a class="tocxref" href="#introduction"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a class="tocxref" href="#privacybydesign"><span class="secno">2. </span>Privacy By Design</a></li><li class="tocline"><a class="tocxref" href="#usercentric"><span class="secno">3. </span>User Centric Design</a></li><li class="tocline"><a class="tocxref" href="#data-minimization"><span class="secno">4. </span>Minimiz collection and
- transmission of personal data</a><ul class="toc"></ul></li><li class="tocline"><a class="tocxref" href="#data-confidentiality"><span class="secno">5. </span>Maintain the confidentiality of personal data</a></li><li class="tocline"><a class="tocxref" href="#bp-summary"><span class="secno">6. </span>Best Practices Summary</a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a class="tocxref" href="#informative-references"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div> <!-- abstract -->
+ <p>This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs and Policy Working Group</a> as a Working Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href="mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All feedback is welcome.</p><p>Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>. The group does not expect this document to become a W3C Recommendation. W3C maintains a <a href="http://www.w3.org/204/01/pp-impl/43696/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the W3C Patent Policy</a>.</p></div><div id="toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a href="#privacybydesign" class="tocxref"><span class="secno">2. </span>Privacy By Design</a></li><li class="tocline"><a href="#usercentric" class="tocxref"><span class="secno">3. </span>User Centric Design</a></li><li class="tcline"><a href="#data-minimization" class="tocxref"><span class="secno">4. </span>Minimize collection and
+ transmission of personal data</a><ul class="toc"></ul></li><li class="tocline"><a href="#data-confidentiality" class="tocxref"><span class="secno">5. </span>Maintain the confidentiality of personal data</a></li><li class="tocline"><a href="#access-log" class="tocxref"><span class="secno">6. </span>Control and log access</a><ul class="toc"></ul></li><li class="tocline"><a href="#bp-summary" class="tocxref"><span class="secno">7. </span>Best Practices Summary</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div> <!-- abstract -->
- <div class="section" id="introduction">
+ <div id="introduction" class="section">
<!--OddPage--><h2><span class="secno">1. </span>Introduction</h2>
<p>
This document outlines good privacy practices for web
applications, including those that might use
device APIs. This continues the work on privacy best practices
- in section 3.3.1 on "User Awareness and Control" Mobile Web Application Best Practices [<cite><a href="#bib-MWABP" rel="biblioentry" class="bibref">MWABP</a></cite>]. It does not repeat the privacy principles and
+ in section 3.3.1 on "User Awareness and Control" Mobile Web Application Best Practices [<cite><a class="bibref" rel="biblioentry" href="#bib-MWABP">MWABP</a></cite>]. It does not repeat the privacy principles and
requirements documented in the Device API Privacy Requirements Note
- [<cite><a href="#bib-DAP-PRIVACY-REQS" rel="biblioentry" class="bibref">DAP-PRIVACY-REQS</a></cite>] which should also be consulted.
+ [<cite><a class="bibref" rel="biblioentry" href="#bib-DAP-PRIVACY-REQS">DAP-PRIVACY-REQS</a></cite>] which should also be consulted.
</p>
</div>
- <div class="section" id="privacybydesign">
+ <div id="privacybydesign" class="section">
<!--OddPage--><h2><span class="secno">2. </span>Privacy By Design</h2>
<p>
The principles of "Privacy by Design" should be reflected in the
web application design and implementation, including the use
of device APIs.
These are enumerated below and in more detail in the reference
- [<cite><a href="#bib-PRIVACY-BY-DESIGN" rel="biblioentry" class="bibref">PRIVACY-BY-DESIGN</a></cite>].</p>
+ [<cite><a class="bibref" rel="biblioentry" href="#bib-PRIVACY-BY-DESIGN">PRIVACY-BY-DESIGN</a></cite>].</p>
<div class="practice">
<p>
- <span id="bp-privacy-by-design" class="practicelab">Best Practice 1: Follow "Privacy By Design" principles</span></p>
+ <span id="bp-privacy-by-design" class="practicelab">Best Practice 1: Follow "Privacy By Design" principles</span>.</p>
<p class="practicedesc">
Proactively consider privacy, make preservation of
privacy the default, including privacy in a
@@ -69,7 +67,7 @@
</ol>
</div>
</div>
- <div class="section" id="usercentric">
+ <div id="usercentric" class="section">
<!--OddPage--><h2><span class="secno">3. </span>User Centric Design</h2>
<p>Privacy should be user centric, giving the user understanding
and control over use of their personal data.</p>
@@ -141,10 +139,10 @@
Focus on usability should improve a service as well as
making it easier for a user to understand and control use of their
personal information. Minimize use of modal dialogs as they
- harm the user experience and many users will not know how to
+ harm the user experience and many users will not understand how to
respond to prompts, choosing a choice that enables them to
continue their work
- [<cite><a href="#bib-GEOLOCATION-PRIVACY" rel="biblioentry" class="bibref">GEOLOCATION-PRIVACY</a></cite>].
+ [<cite><a class="bibref" rel="biblioentry" href="#bib-GEOLOCATION-PRIVACY">GEOLOCATION-PRIVACY</a></cite>].
</p>
</div>
<div class="practice">
@@ -153,27 +151,27 @@
potential privacy concerns.
</span></p>
<p class="practicedesc">
- The end user should know if information is being used
+ The end user should understand if information is being used
by the service itself or being shared with a third
- party, especially when 3rd party services are
+ party, especially when third party services are
involved in a "mashup".
</p>
</div>
<div class="practice">
<p><span id="bp-clarify-one-shot-or-repeated" class="practicelab">Best Practice 7: Be clear as to whether information is
needed on a one-time basis or is necessary for a period of
- time.
+ time and for how long.
</span></p>
<p class="practicedesc">
- The end user should know whether information collected is
+ The end user should understand whether information collected is
for a single use or will be retained and have an impact over time.
</p>
</div>
</div>
- <div class="section" id="data-minimization">
+ <div id="data-minimization" class="section">
<!--OddPage--><h2><span class="secno">4. </span>Minimize collection and
transmission of personal data</h2>
- <div class="section" id="minimization-considerations">
+ <div id="minimization-considerations" class="section">
<p>Review the data and how it is structured and used, minimizing
the amount and detail of data required to provide a service.
</p>
@@ -182,12 +180,13 @@
items at the
minimum level of detail needed to provide a service.</span></p>
<p class="practicedesc">
- As an example, an address book record is not the
+ As an example, an address book entry is not the
natural level of granularity as a user may wish to
- share different individual address
- book fields differently. Thus the natural level of
- granularity in an address book is the field and no
- more than the necessary fields should be returned in
+ share various individual address
+ book fields independently. Thus the natural level of
+ granularity in an address book is a field and no
+ more than the necessary fields should be provided in
+ response to
an address book entry request.
</p>
</div>
@@ -209,7 +208,7 @@
</div>
</div>
</div>
- <div class="section" id="data-confidentiality">
+ <div id="data-confidentiality" class="section">
<!--OddPage--><h2><span class="secno">5. </span>Maintain the confidentiality of personal data</h2>
<div class="practice">
<p><span id="bp-use-https" class="practicelab">Best Practice 10:
@@ -238,7 +237,21 @@
</p>
</div>
</div>
- <div class="section" id="bp-summary"><!--OddPage--><h2><span class="secno">6. </span>Best Practices Summary</h2><ul><li><a href="#bp-privacy-by-design">Best Practice 1</a>: Follow "Privacy By Design" principles</li><li><a href="#bp-user-driven">Best Practice 2</a>: Enable the user to make informed decisions about
+ <div id="access-log" class="section">
+ <!--OddPage--><h2><span class="secno">6. </span>Control and log access</h2>
+ <div id="access-control" class="section">
+ <p>Control access to information and support audit with logging.
+ </p>
+ <div class="practice">
+ <p><span id="bp-audit-log" class="practicelab">Best Practice 12: Control and log access to data.</span></p>
+ <p class="practicedesc">
+ Control access to information through access controls and
+ log access.
+ </p>
+ </div>
+ </div>
+ </div>
+ <div id="bp-summary" class="section"><!--OddPage--><h2><span class="secno">7. </span>Best Practices Summary</h2><ul><li><a href="#bp-privacy-by-design">Best Practice 1</a>: Follow "Privacy By Design" principles</li><li><a href="#bp-user-driven">Best Practice 2</a>: Enable the user to make informed decisions about
sharing their personal information with a service.
</li><li><a href="#bp-choices-in-context">Best Practice 3</a>: Enable the user to make decisions at the
appropriate time with the correct contextual information.
@@ -251,7 +264,7 @@
potential privacy concerns.
</li><li><a href="#bp-clarify-one-shot-or-repeated">Best Practice 7</a>: Be clear as to whether information is
needed on a one-time basis or is necessary for a period of
- time.
+ time and for how long.
</li><li><a href="#bp-data-granularity">Best Practice 8</a>: Request the minimum number of data
items at the
minimum level of detail needed to provide a service.</li><li><a href="#bp-data-retention">Best Practice 9</a>:
@@ -266,8 +279,11 @@
</li><li><a href="#bp-secure-storage">Best Practice 11</a>:
Maintain the confidentiality of user data in
storage.
- </li></ul></div>
- <div class="appendix section" id="references"><!--OddPage--><h2><span class="secno">A. </span>References</h2><div class="section" id="normative-references"><h3><span class="secno">A.1 </span>Normative references</h3><p>No normative references.</p></div><div class="section" id="informative-references"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-DAP-PRIVACY-REQS">[DAP-PRIVACY-REQS]</dt><dd>Alissa Cooper, Frederick Hirsch, John Morris. <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/"><cite>Device API Privacy Requirements</cite></a> 29 June 2010. W3C Note URL: <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/">http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/</a>
+ </li><li><a href="#bp-audit-log">Best Practice 12</a>: Control and log access to data.</li></ul></div>
+
+
+
+<div id="respec-err" style="position: fixed; width: 350px; top: 10px; right: 10px; border: 3px double #f00; background: #fff" class="removeOnSave"><ul><li style="color: #c00">There appears to have been a problem fetching the style sheet; status=0</li></ul></div><div id="references" class="appendix section"><!--OddPage--><h2><span class="secno">A. </span>References</h2><div id="normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><p>No normative references.</p></div><div id="informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-DAP-PRIVACY-REQS">[DAP-PRIVACY-REQS]</dt><dd>Alissa Cooper, Frederick Hirsch, John Morris. <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/"><cite>Device API Privacy Requirements</cite></a> 29 June 2010. W3C Note URL: <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/">http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-2010069/</a>
</dd><dt id="bib-GEOLOCATION-PRIVACY">[GEOLOCATION-PRIVACY]</dt><dd>Marcos Cáceres <a href="http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf"><cite>Privacy of Geolocation Implementations</cite></a>, "W3C Workshop on Privacy for Advanced Web APIs" paper, 12/13 July 2010. URL: <a href="http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf">http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf</a>
</dd><dt id="bib-MWABP">[MWABP]</dt><dd>Adam Connors; Bryan Sullivan. <a href="http://www.w3.org/TR/2010/REC-mwabp-20101214/">Mobile Web Application Best Practices.</a> 14 December 2010. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2010/REC-mwabp-20101214/">http://www.w3.org/TR/2010/REC-mwabp-20101214/</a>
</dd><dt id="bib-PRIVACY-BY-DESIGN">[PRIVACY-BY-DESIGN]</dt><dd>Ann Cavoukian, PhD. <a href="http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf"><cite>Privacy By Design: The 7 Foundational Principles</cite></a>. August 2009, revised January 2011. URL: <a href="http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf">http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf</a>
Received on Monday, 1 August 2011 18:17:57 UTC