W3C home > Mailing lists > Public > www-p3p-dev@w3.org > October 2001

Re: Collection of user information by forms

From: Giles Hogben <giles.hogben@jrc.it>
Date: Tue, 16 Oct 2001 09:12:18 +0200
Message-ID: <003101c15611$e4da7780$162abf8b@pcdsa22>
To: "p3pdev" <www-p3p-dev@w3.org>
Cc: "Tom Jackson" <tom.jackson@jrc.it>, "Bob Thibadeau" <rht@cs.cmu.edu>
I have a question for the group.
I know it's too late for the existing spec, but has the working group
thought about including tags which make statements about the measures the
company takes to secure the data once it is on their servers:
For example
<DATASECURITY><portscanlogs/><penetrationtesting tool="iss"
interval="yearly" description="We use iss vulnerability scanner to test for
vulnerabilities"/></DATASECURITY>

I have just been on a course in penetration testing (for strictly
professional purposes!) and this made me realise that this is quite a big
issue in the data collection cycle, not only in real terms but also in terms
of consumer perception.

Giles Hogben
Received on Tuesday, 16 October 2001 03:11:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:47 GMT