W3C home > Mailing lists > Public > www-p3p-policy@w3.org > January 2004

Re: Policy Required if we are not collecting information

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Tue, 13 Jan 2004 15:35:14 -0500
Cc: www-p3p-policy@w3.org
To: "Gammel, Denise" <Denise.Gammel@rrb.gov>
Message-Id: <FDC3C0EC-4607-11D8-B775-000A95DA3F5A@cs.cmu.edu>

You should have a machine readable policy for all pages on your site. 
Even if you are not actively collecting information you probably have 
web logs that are collecting information and that needs to be disclosed 
(and if you are actually not keeping logs or scrubbing them, than you 
should disclose that too).

It makes sense to have a generic policy for all the pages that don't  
actively collect info through forms and then specific policies for 
pages that collect information.

Regards,

Lorrie Cranor


On Monday, January 12, 2004, at 11:01 AM, Gammel, Denise wrote:

>
> Hello,
>
> I have a very basic question.  Most of the pages on our website are 
> static html pages and are not collecting information.  Do we need to 
> have a machine readable policy for these pages?
>
> We are thinking we would have a generic machine readable policy for 
> all pages and one or more specific policies for those particular pages 
> that collect information.
>
> We maintain www.rrb.gov and https://secure.rrb.gov.  Most of our web 
> pages which collect information are on the secure site.
>
> Denise Gammel
> Web Manager
> Railroad Retirement Board
> www.rrb.gov
> (312) 751-4671
> djgammel@rrb.gov
>
>
--
Lorrie Faith Cranor - http://lorrie.cranor.org/
(Note, as of Dec 2003 I'm at Carnegie Mellon University)
P3P Specification Working Group Chair - http://www.w3.org/p3p/
Book: Web Privacy with P3P - http://p3pbook.com/
Received on Tuesday, 13 January 2004 15:43:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:11 GMT