- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 02 Aug 2011 20:36:40 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/privacy-practices In directory hutz:/tmp/cvs-serv3022 Modified Files: Overview.html FPWD.html Log Message: get rid of relative path for respec.js and for css, also change publication date to 4 August Index: Overview.html =================================================================== RCS file: /sources/public/2009/dap/privacy-practices/Overview.html,v retrieving revision 1.19 retrieving revision 1.20 diff -u -d -r1.19 -r1.20 --- Overview.html 1 Aug 2011 18:48:34 -0000 1.19 +++ Overview.html 2 Aug 2011 20:36:38 -0000 1.20 @@ -3,7 +3,8 @@ <head> <title>Web Application Privacy Best Practices</title> <meta http-equiv='Content-Type' content='text/html;charset=utf-8' /> - <script src='../ReSpec.js/js/respec.js' class='remove'></script> + <script src="http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js" + class="remove"></script> <script class='remove'> var respecConfig = { specStatus: "WD-NOTE", @@ -12,7 +13,7 @@ { name: "Frederick Hirsch", company: "Nokia", companyURL: "http://www.nokia.com/" }, ], - publishDate: "2011-08-02", + publishDate: "2011-08-04", // previousPublishDate: "1977-03-15", edDraftURI: "http://dev.w3.org/2009/dap/privacy-practices/", // lcEnd: "2009-08-05", Index: FPWD.html =================================================================== RCS file: /sources/public/2009/dap/privacy-practices/FPWD.html,v retrieving revision 1.11 retrieving revision 1.12 diff -u -d -r1.11 -r1.12 --- FPWD.html 1 Aug 2011 19:12:52 -0000 1.11 +++ FPWD.html 2 Aug 2011 20:36:38 -0000 1.12 
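Review bot: The new `src` on the respec.js `<script>` in Overview.html is an absolute `http://` URL, so every copy of the editor's draft, including a local checkout that used to load its own copy through the relative path, now fetches executable script over cleartext. Anything on the network path can alter respec.js in transit and it then runs in the document, and a copy of the page served over HTTPS would have the script blocked as mixed content. If dev.w3.org serves this path over TLS (not visible from here), prefer `<script src="https://dev.w3.org/2009/dap/ReSpec.js/js/respec.js" class="remove"></script>`. The added lines also use double quotes where the surrounding `<meta>` and `<script class='remove'>` lines use single quotes; the `<head>` itself continues outside the hunk.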
@@ -1,17 +1,479 @@ <!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'> <html lang="en" dir="ltr"> <head> - - <title>Web Application Privacy Best Practices</title> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"> - + - <link charset="utf-8" type="text/css" rel="stylesheet" href="../ReSpec.js/css/respec.css"><link charset="utf-8" type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/W3C-WD"></head><body style="display: inherit;"><div class="head"><p><a href="http://www.w3.org/"><img src="http://www.w3.org/Icons/w3c_home" alt="W3C" height="48" width="72"></a></p><h1 class="title" id="title">Web Application Privacy Best Practices</h1><h2 id="w3c-working-draft-02-august-2011">W3C Working Draft 02 August 2011</h2><dl><dt>This version:</dt><dd><a href="http://www.w3.org/TR/2011/WD-app-privacy-bp-20110802/">http://www.w3.org/TR/2011/WD-app-privacy-bp-20110802/</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/app-privacy-bp/">http://www.w3.org/TR/app-privacy-bp/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2009/dap/privacy-practices/">http://dev.w3.org/2009/dap/privacy-practices/</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editor:</dt><dd><span>Frederck Hirsch</span>, <a href="http://www.nokia.com/">Nokia</a></dd> + <style type="text/css"> +/***************************************************************** + * ReSpec CSS + * Robin Berjon (robin at berjon dot com) + * v0.05 - 2009-07-31 + *****************************************************************/ + + +/* --- INLINES --- */ +em.rfc2119 { + text-transform: lowercase; + font-variant: small-caps; + font-style: normal; + color: #900; +} + +h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym, +h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr { + border: none; +} + +dfn { + font-weight: bold; +} + +a.internalDFN { + color: inherit; + 
border-bottom: 1px solid #99c; + text-decoration: none; +} + +a.externalDFN { + color: inherit; + border-bottom: 1px dotted #ccc; + text-decoration: none; +} + +a.bibref { + text-decoration: none; +} + +code { + color: #ff4500; +} + + +/* --- WEB IDL --- */ +pre.idl { + border-top: 1px solid #90b8de; + border-bottom: 1px solid #90b8de; + padding: 1em; + line-height: 120%; +} + +pre.idl::before { + content: "WebIDL"; + display: block; + width: 150px; + background: #90b8de; + color: #fff; + font-family: initial; + padding: 3px; + font-weight: bold; + margin: -1em 0 1em -1em; +} + +.idlType { + color: #ff4500; + font-weight: bold; + text-decoration: none; +} + +/*.idlModule*/ +/*.idlModuleID*/ +/*.idlInterface*/ +.idlInterfaceID { + font-weight: bold; + color: #005a9c; +} + +.idlSuperclass { + font-style: italic; + color: #005a9c; +} + +/*.idlAttribute*/ +.idlAttrType, .idlFieldType { + color: #005a9c; +} +.idlAttrName, .idlFieldName { + color: #ff4500; +} +.idlAttrName a, .idlFieldName a { + color: #ff4500; + border-bottom: 1px dotted #ff4500; + text-decoration: none; +} + +/*.idlMethod*/ +.idlMethType { + color: #005a9c; +} +.idlMethName { + color: #ff4500; +} +.idlMethName a { + color: #ff4500; + border-bottom: 1px dotted #ff4500; + text-decoration: none; +} + +/*.idlParam*/ +.idlParamType { + color: #005a9c; +} +.idlParamName { + font-style: italic; +} + +.extAttr { + color: #666; +} + +/*.idlConst*/ +.idlConstType { + color: #005a9c; +} +.idlConstName { + color: #ff4500; +} +.idlConstName a { + color: #ff4500; + border-bottom: 1px dotted #ff4500; + text-decoration: none; +} + +/*.idlException*/ +.idlExceptionID { + font-weight: bold; + color: #c00; +} + +.idlTypedefID, .idlTypedefType { + color: #005a9c; +} + +.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code { + color: #c00; + font-weight: normal; +} + +.excName a { + font-family: monospace; +} + +.idlRaises a.idlType, .excName a.idlType { + border-bottom: 1px dotted #c00; 
+} + +.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse { + width: 45px; + text-align: center; +} +.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; } +.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; } + +.idlImplements a { + font-weight: bold; +} + +dl.attributes, dl.methods, dl.constants, dl.fields { + margin-left: 2em; +} + +.attributes dt, .methods dt, .constants dt, .fields dt { + font-weight: normal; +} + +.attributes dt code, .methods dt code, .constants dt code, .fields dt code { + font-weight: bold; + color: #000; + font-family: monospace; +} + +.attributes dt code, .fields dt code { + background: #ffffd2; +} + +.attributes dt .idlAttrType code, .fields dt .idlFieldType code { + color: #005a9c; + background: transparent; + font-family: inherit; + font-weight: normal; + font-style: italic; +} + +.methods dt code { + background: #d9e6f8; +} + +.constants dt code { + background: #ddffd2; +} + +.attributes dd, .methods dd, .constants dd, .fields dd { + margin-bottom: 1em; +} + +table.parameters, table.exceptions { + border-spacing: 0; + border-collapse: collapse; + margin: 0.5em 0; + width: 100%; +} +table.parameters { border-bottom: 1px solid #90b8de; } +table.exceptions { border-bottom: 1px solid #deb890; } + +.parameters th, .exceptions th { + color: #fff; + padding: 3px 5px; + text-align: left; + font-family: initial; + font-weight: normal; + text-shadow: #666 1px 1px 0; +} +.parameters th { background: #90b8de; } +.exceptions th { background: #deb890; } + +.parameters td, .exceptions td { + padding: 3px 10px; + border-top: 1px solid #ddd; + vertical-align: top; +} + +.parameters tr:first-child td, .exceptions tr:first-child td { + border-top: none; +} + +.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName { + width: 100px; +} + +.parameters td.prmType { + width: 120px; +} + +table.exceptions table { + border-spacing: 0; + border-collapse: collapse; + width: 100%; +} + +/* --- 
TOC --- */ +.toc a { + text-decoration: none; +} + +a .secno { + color: #000; +} + +/* --- TABLE --- */ +table.simple { + border-spacing: 0; + border-collapse: collapse; + border-bottom: 3px solid #005a9c; +} + +.simple th { + background: #005a9c; + color: #fff; + padding: 3px 5px; + text-align: left; +} + +.simple th[scope="row"] { + background: inherit; + color: inherit; + border-top: 1px solid #ddd; +} + +.simple td { + padding: 3px 10px; + border-top: 1px solid #ddd; +} + +.simple tr:nth-child(even) { + background: #f0f6ff; +} + +/* --- DL --- */ +.section dd > p:first-child { + margin-top: 0; +} + +.section dd > p:last-child { + margin-bottom: 0; +} + +.section dd { + margin-bottom: 1em; +} + +.section dl.attrs dd, .section dl.eldef dd { + margin-bottom: 0; +} + +/* --- EXAMPLES --- */ +pre.example { + border-top: 1px solid #ff4500; + border-bottom: 1px solid #ff4500; + padding: 1em; + margin-top: 1em; +} + +pre.example::before { + content: "Example"; + display: block; + width: 150px; + background: #ff4500; + color: #fff; + font-family: initial; + padding: 3px; + font-weight: bold; + margin: -1em 0 1em -1em; +} + +/* --- EDITORIAL NOTES --- */ +.issue { + padding: 1em; + margin: 1em 0em 0em; + border: 1px solid #f00; + background: #ffc; +} + +.issue::before { + content: "Issue"; + display: block; + width: 150px; + margin: -1.5em 0 0.5em 0; + font-weight: bold; + border: 1px solid #f00; + background: #fff; + padding: 3px 1em; +} + +.note { + margin: 1em 0em 0em; + padding: 1em; + border: 2px solid #cff6d9; + background: #e2fff0; +} + +.note::before { + content: "Note"; + display: block; + width: 150px; + margin: -1.5em 0 0.5em 0; + font-weight: bold; + border: 1px solid #cff6d9; + background: #fff; + padding: 3px 1em; +} + +/* --- Best Practices --- */ +div.practice { + border: solid #bebebe 1px; + margin: 2em 1em 1em 2em; +} + +span.practicelab { + margin: 1.5em 0.5em 1em 1em; + font-weight: bold; + font-style: italic; +} + +span.practicelab { background: 
#dfffff; } + +span.practicelab { + position: relative; + padding: 0 0.5em; + top: -1.5em; +} + +p.practicedesc { + margin: 1.5em 0.5em 1em 1em; +} + +@media screen { + p.practicedesc { + position: relative; + top: -2em; + padding: 0; + margin: 1.5em 0.5em -1em 1em; +} + +/* --- SYNTAX HIGHLIGHTING --- */ +pre.sh_sourceCode { + background-color: white; + color: black; + font-style: normal; + font-weight: normal; +} + +pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */ +pre.sh_sourceCode .sh_type { color: #666; } /* basic types */ +pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */ +pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */ +pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */ +pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */ +pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */ +pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */ +pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */ +pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */ +pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */ +pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */ +pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */ + +/* Predefined variables and functions (for instance glsl) */ +pre.sh_sourceCode .sh_predef_var { color: #00008B; } +pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; } + +/* for OOP */ +pre.sh_sourceCode .sh_classname { color: teal; } + +/* line numbers (not yet implemented) */ +pre.sh_sourceCode .sh_linenum { display: none; } + +/* Internet related */ +pre.sh_sourceCode .sh_url { color: blue; text-decoration: 
underline; font-family: monospace; } + +/* for ChangeLog and Log files */ +pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; } +pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; } +pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; } + +/* for Prolog, Perl... */ +pre.sh_sourceCode .sh_variable { color: #006400; } + +/* for LaTeX */ +pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; } +pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; } +pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; } +pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; } +pre.sh_sourceCode .sh_argument { color: #006400; } +pre.sh_sourceCode .sh_optionalargument { color: purple; } +pre.sh_sourceCode .sh_math { color: orange; } +pre.sh_sourceCode .sh_bibtex { color: blue; } + +/* for diffs */ +pre.sh_sourceCode .sh_oldfile { color: orange; } +pre.sh_sourceCode .sh_newfile { color: #006400; } +pre.sh_sourceCode .sh_difflines { color: blue; } + +/* for css */ +pre.sh_sourceCode .sh_selector { color: purple; } +pre.sh_sourceCode .sh_property { color: blue; } +pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; } + +/* other */ +pre.sh_sourceCode .sh_section { color: black; font-weight: bold; } +pre.sh_sourceCode .sh_paren { color: red; } +pre.sh_sourceCode .sh_attribute { color: #006400; } + +</style><link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css" charset="utf-8"></head><body style="display: inherit; "><div class="head"><p><a href="http://www.w3.org/"><img width="72" height="48" src="http://www.w3.org/Icons/w3c_home" alt="W3C"></a></p><h1 class="title" id="title">Web Application Privacy Best Practices</h1><h2 id="w3c-working-draft-04-august-2011">W3C Working Draft 04 August 2011</h2><dl><dt>This version:</dt><dd><a 
href="http://www.w3.org/TR/2011/WD-app-privacy-bp-20110804/">http://www.w3.org/TR/2011/WD-app-privacy-bp-20110804/</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/app-privacy-bp/">http://www.w3.org/TR/app-privacy-bp/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2009/dap/privacy-practices/">http://dev.w3.org/2009/dap/privacy-practices/</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editor:</dt><dd><span>Frederick Hirsch</span>, <a href="http://www.nokia.com/">Nokia</a></dd> </dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2011 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p><hr></div> - <div class="introductory section" id="abstract"><h2>Abstract</h2> + <div id="abstract" class="introductory section"><h2>Abstract</h2> This document describes privacy best practices for web applications, including those that might use device APIs. 
@@ -23,30 +485,30 @@ eventually publish a stabilized version of this document as a W3C Working Group Note. </p> - <p>This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs and Policy Working Group</a> as a Working Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href="mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All feedback is welcome.</p><p>Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>. The group does not expect this document to become a W3C Recommendation. W3C maintains a <a href="http://www.w3.org/204/01/pp-impl/43696/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the W3C Patent Policy</a>.</p></div><div class="section" id="toc"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a class="tocxref" href="#introduction"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a class="tocxref" href="#privacybydesign"><span class="secno">2. 
</span>Privacy By Design</a></li><li class="tocline"><a class="tocxref" href="#usercentric"><span class="secno">3. </span>User Centric Design</a></li><li class="tcline"><a class="tocxref" href="#data-minimization"><span class="secno">4. </span>Minimize collection and - transmission of personal data</a></li><li class="tocline"><a class="tocxref" href="#data-confidentiality"><span class="secno">5. </span>Maintain the confidentiality of personal data</a></li><li class="tocline"><a class="tocxref" href="#access-log"><span class="secno">6. </span>Control and log access</a></li><li class="tocline"><a class="tocxref" href="#bp-summary"><span class="secno">7. </span>Best Practices Summary</a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a class="tocxref" href="#informative-references"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div> <!-- abstract --> + <p>This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs and Policy Working Group</a> as a Working Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href="mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All feedback is welcome.</p><p>Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. 
It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>. The group does not expect this document to become a W3C Recommendation. W3C maintains a <a href="http://www.w3.org/204/01/pp-impl/43696/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the W3C Patent Policy</a>.</p></div><div id="toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a href="#privacybydesign" class="tocxref"><span class="secno">2. </span>Privacy By Design</a></li><li class="tocline"><a href="#usercentric" class="tocxref"><span class="secno">3. </span>User Centric Design</a></li><li class="tcline"><a href="#data-minimization" class="tocxref"><span class="secno">4. </span>Minimize collection and + transmission of personal data</a></li><li class="tocline"><a href="#data-confidentiality" class="tocxref"><span class="secno">5. </span>Maintain the confidentiality of personal data</a></li><li class="tocline"><a href="#access-log" class="tocxref"><span class="secno">6. </span>Control and log access</a></li><li class="tocline"><a href="#bp-summary" class="tocxref"><span class="secno">7. </span>Best Practices Summary</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. 
</span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div> <!-- abstract --> - <div class="section" id="introduction"> + <div id="introduction" class="section"> <!--OddPage--><h2><span class="secno">1. </span>Introduction</h2> <p> This document outlines good privacy practices for web applications, including those that might use device APIs. This continues the work on privacy best practices - in section 3.3.1 on "User Awareness and Control" Mobile Web Application Best Practices [<cite><a href="#bib-MWABP" rel="biblioentry" class="bibref">MWABP</a></cite>]. It does not repeat the privacy principles and + in section 3.3.1 on "User Awareness and Control" Mobile Web Application Best Practices [<cite><a class="bibref" rel="biblioentry" href="#bib-MWABP">MWABP</a></cite>]. It does not repeat the privacy principles and requirements documented in the Device API Privacy Requirements Note - [<cite><a href="#bib-DAP-PRIVACY-REQS" rel="biblioentry" class="bibref">DAP-PRIVACY-REQS</a></cite>] which should also be consulted. + [<cite><a class="bibref" rel="biblioentry" href="#bib-DAP-PRIVACY-REQS">DAP-PRIVACY-REQS</a></cite>] which should also be consulted. </p> </div> - <div class="section" id="privacybydesign"> + <div id="privacybydesign" class="section"> <!--OddPage--><h2><span class="secno">2. </span>Privacy By Design</h2> <p> The principles of "Privacy by Design" should be reflected in the web application design and implementation, including the use of device APIs. 
These are enumerated below and in more detail in the reference - [<cite><a href="#bib-PRIVACY-BY-DESIGN" rel="biblioentry" class="bibref">PRIVACY-BY-DESIGN</a></cite>].</p> + [<cite><a class="bibref" rel="biblioentry" href="#bib-PRIVACY-BY-DESIGN">PRIVACY-BY-DESIGN</a></cite>].</p> <div class="practice"> <p> <span id="bp-privacy-by-design" class="practicelab">Best Practice 1: Follow "Privacy By Design" principles</span>.</p> @@ -69,7 +531,7 @@ </ol> </div> </div> - <div class="section" id="usercentric"> + <div id="usercentric" class="section"> <!--OddPage--><h2><span class="secno">3. </span>User Centric Design</h2> <p>Privacy should be user centric, giving the user understanding and control over use of their personal data.</p> @@ -144,7 +606,7 @@ harm the user experience and many users will not understand how to respond to prompts, choosing a choice that enables them to continue their work - [<cite><a href="#bib-GEOLOCATION-PRIVACY" rel="biblioentry" class="bibref">GEOLOCATION-PRIVACY</a></cite>]. + [<cite><a class="bibref" rel="biblioentry" href="#bib-GEOLOCATION-PRIVACY">GEOLOCATION-PRIVACY</a></cite>]. </p> </div> <div class="practice"> @@ -170,7 +632,7 @@ </p> </div> </div> - <div class="section" id="data-minimization"> + <div id="data-minimization" class="section"> <!--OddPage--><h2><span class="secno">4. </span>Minimize collection and transmission of personal data</h2> <p>Review the data and how it is structured and used, minimizing @@ -208,7 +670,7 @@ </div> </div> - <div class="section" id="data-confidentiality"> + <div id="data-confidentiality" class="section"> <!--OddPage--><h2><span class="secno">5. </span>Maintain the confidentiality of personal data</h2> <div class="practice"> <p><span id="bp-use-https" class="practicelab">Best Practice 10: 
@@ -237,7 +699,7 @@ </p> </div> </div> - <div class="section" id="access-log"> + <div id="access-log" class="section"> <!--OddPage--><h2><span class="secno">6. </span>Control and log access</h2> <div class="practice"> <p><span id="bp-audit-log" class="practicelab">Best Practice 12: Control and log access to data.</span></p> @@ -247,7 +709,7 @@ </p> </div> </div> - <div class="section" id="bp-summary"><!--OddPage--><h2><span class="secno">7. </span>Best Practices Summary</h2><ul><li><a href="#bp-privacy-by-design">Best Practice 1</a>: Follow "Privacy By Design" principles</li><li><a href="#bp-user-driven">Best Practice 2</a>: Enable the user to make informed decisions about + <div id="bp-summary" class="section"><!--OddPage--><h2><span class="secno">7. </span>Best Practices Summary</h2><ul><li><a href="#bp-privacy-by-design">Best Practice 1</a>: Follow "Privacy By Design" principles</li><li><a href="#bp-user-driven">Best Practice 2</a>: Enable the user to make informed decisions about sharing their personal information with a service. </li><li><a href="#bp-choices-in-context">Best Practice 3</a>: Enable the user to make decisions at the appropriate time with the correct contextual information. 
@@ -276,7 +738,10 @@ Maintain the confidentiality of user data in storage. </li><li><a href="#bp-audit-log">Best Practice 12</a>: Control and log access to data.</li></ul></div> - <div class="appendix section" id="references"><!--OddPage--><h2><span class="secno">A. </span>References</h2><div class="section" id="normative-references"><h3><span class="secno">A.1 </span>Normative references</h3><p>No normative references.</p></div><div class="section" id="informative-references"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-DAP-PRIVACY-REQS">[DAP-PRIVACY-REQS]</dt><dd>Alissa Cooper, Frederick Hirsch, John Morris. <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/"><cite>Device API Privacy Requirements</cite></a> 29 June 2010. W3C Note URL: <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/">http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/</a> + + + +<div id="references" class="appendix section"><!--OddPage--><h2><span class="secno">A. </span>References</h2><div id="normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><p>No normative references.</p></div><div id="informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-DAP-PRIVACY-REQS">[DAP-PRIVACY-REQS]</dt><dd>Alissa Cooper, Frederick Hirsch, John Morris. <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/"><cite>Device API Privacy Requirements</cite></a> 29 June 2010. 
W3C Note URL: <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/">http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/</a> </dd><dt id="bib-GEOLOCATION-PRIVACY">[GEOLOCATION-PRIVACY]</dt><dd>Marcos Cáceres <a href="http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf"><cite>Privacy of Geolocation Implementations</cite></a>, "W3C Workshop on Privacy for Advanced Web APIs" paper, 12/13 July 2010. URL: <a href="http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf">http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf</a> </dd><dt id="bib-MWABP">[MWABP]</dt><dd>Adam Connors; Bryan Sullivan. <a href="http://www.w3.org/TR/2010/REC-mwabp-20101214/">Mobile Web Application Best Practices.</a> 14 December 2010. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2010/REC-mwabp-20101214/">http://www.w3.org/TR/2010/REC-mwabp-20101214/</a> </dd><dt id="bib-PRIVACY-BY-DESIGN">[PRIVACY-BY-DESIGN]</dt><dd>Ann Cavoukian, PhD. <a href="http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf"><cite>Privacy By Design: The 7 Foundational Principles</cite></a>. August 2009, revised January 2011. URL: <a href="http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf">http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf</a>
Received on Tuesday, 2 August 2011 20:36:43 UTC