W3C home > Mailing lists > Public > www-p3p-policy@w3.org > February 2004

Re: Implementing p3p

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Tue, 24 Feb 2004 13:19:22 -0500
Message-Id: <F83D0088-66F5-11D8-A0EC-000A95DA3F5A@cs.cmu.edu>
Cc: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
To: "Hamblin, Shelia" <shelia.hamblin@ed.gov>

You have a choice. If you have two policies, the policy for the 
listserv pages should mention the listservs AND the web server logs and 
cookies (if you use cookies on those pages). The other policy would not 
mention the listservs. It is easier to administer a single policy that 
discloses all your practices in one policy. However, if you want to 
make it clear that you don't collect PII anywhere except on the 
listserv pages than you will want to have two policies.

I hope that helps!

Lorrie


On Feb 24, 2004, at 1:09 PM, Hamblin, Shelia wrote:

> Hello,
>
> I am trying to implement p3p on our federal website, but I am not sure 
> how best to do it.  We collect the usual web logs and we set session 
> cookies, but we also have pages that allow people to join listservs.  
> The question I have is should I combine all of these into one policy, 
> or separate them?  If I combine them, then I have to choose (in the 
> <ACCESS> field) whether we collect personally identifiable information 
> or not, which for the most part we don't.  If I create a separate 
> policy for the listservs, then this policy does not discuss the web 
> logs or cookies on our site.  Other federal agencies seem to be using 
> only one policy, but I'm not sure if this is correct.  Any help is 
> great appreciated.
>
> Thanks,
> Shelia Hamblin
> US Department of Education
> OCIO/Development Services Group
> (202) 205-2140
>
--
Lorrie Faith Cranor <http://lorrie.cranor.org/>
(Note, as of Dec 2003 I'm at Carnegie Mellon University)
P3P Specification Working Group Chair <http://www.w3.org/p3p/>
Book: Web Privacy with P3P <http://p3pbook.com/>
Received on Tuesday, 24 February 2004 13:19:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:11 GMT