W3C home > Mailing lists > Public > www-p3p-policy@w3.org > February 2002

Re: [Newbie] What to I have to worry about in my policies

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 13 Feb 2002 22:16:22 -0500
Message-ID: <021201c1b505$fba764c0$3e06cf87@research.att.com>
To: <list@adamvandenhoven.com>, <www-p3p-policy@w3.org>
There are three possible approaches here....

One possibility would be for you to consider yourself
an agent and point to the P3P policy of each credit
union as appropriate. This assumes that your
applications have different URLs for each credit
union you serve and that you use different cookies
for each one.

Another possibility would be for you to consider yourself
an agent but declare the policies on behalf of your clients.
You would have to have
a policy that describes the type of data collected
and state that it can be uses for any purpose (unless
your contracts with the credit unions or banking laws
limit what this data can be used for).

Yet another possibility would be for you to describe
only the uses that you make of the data and state that
you share the data with other parties who may use it
for other purposes.

Lorrie


----- Original Message -----
From: "Adam van den Hoven" <list@adamvandenhoven.com>
To: <www-p3p-policy@w3.org>
Sent: Wednesday, February 13, 2002 7:46 PM
Subject: [Newbie] What to I have to worry about in my policies


> I need some help.
>
> My company makes online banking software for Canadian (primarily) Credit
Unions. Our application basically suffles messages from the user to the
banking host and formats the response for the user. We also have apps for
their websites which is primarily marketing content but includes forms (loan
applications, call back/feedback forms etc) the data for which gets
temporarily (in the sense that in theory we purge our database from time to
time) stores that data as encrypted data until someone at the credit union
accesses the data and uses it.
>
> Now my question is, does the P3P policy have to express what the website
does with the data OR must it reflect the behaviour of the banking host and
the credit union.
>
> Basically I need to know where my responsibilties start and end.
>
> Thanks
> Adam
>
>
>
>
> __________________________________________________
> D O T E A S Y - "Join the web hosting revolution!"
>              http://www.doteasy.com
>
>
Received on Wednesday, 13 February 2002 22:17:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT