- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Wed, 13 Jul 2011 18:05:07 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/privacy-practices
In directory hutz:/tmp/cvs-serv17493
Modified Files:
Overview.html
Log Message:
reworking in consideration of comments from Dom
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/privacy-practices/Overview.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- Overview.html 6 Jul 2011 19:24:22 -0000 1.8
+++ Overview.html 13 Jul 2011 18:05:05 -0000 1.9
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
- <title>Device API Privacy Best Practices for Services</title>
+ <title>Privacy Best Practices for Service Providers</title>
<meta http-equiv='Content-Type' content='text/html;charset=utf-8' />
<script src='../ReSpec.js/js/respec.js' class='remove'></script>
<script class='remove'>
@@ -24,8 +24,9 @@
</head>
<body>
<section id='abstract'>
- This document describes privacy best practices relevant to device
- APIs for web services.
+ This document describes privacy best practices for service
+ providers, including those that might use device
+ APIs.
</section> <!-- abstract -->
<section id='sotd'>
@@ -38,28 +39,41 @@
<section id='introduction'>
<h2>Introduction</h2>
<p>
- This document outlines good privacy practices for implementers
- of web services that use
- device APIs. It is a companion to the privacy principles and
+ This document outlines good privacy practices for service
+ providers, including those that might use
+ device APIs. It does not repeat the privacy principles and
requirements documented in the Device API Privacy Requirements Note
- [[DAP-PRIVACY-REQS]].
+ [[DAP-PRIVACY-REQS]] which should also be consulted.
</p>
</section>
- <section id="generalprinciples">
- <h2>General Principles</h2>
- <section id="privacybydesign">
+ <section id="privacybydesign">
<h3>Privacy By Design</h3>
- <p>Privacy should be a default mode of operation, including the
- concepts of considering from the beginning of design and
- implementation, making privacy the default, and reflect other
- principles of "privacy by design" [[PRIVACY-BY-DESIGN]].</p>
+ <p>
+The principles of "Privacy by Design" should be reflected in the
+service design and implementation, including the use of device APIs.
+These are enumerated below and in more detail in the reference
+[[PRIVACY-BY-DESIGN]].</p>
<div class="practice">
<p><a id="bp-privacy-by-design"></a><span
- class="practicelab">Consider privacy as part of design</span></p>
+ class="practicelab">Follow "Privacy By Design" principles</span></p>
<p class="practicedesc">
- Consider privacy when designing a service at the very
- beginning and the principles outlined in "Privacy by Design".
+ Proactively consider privacy, make preservation of
+ privacy the default, including privacy in a
+ user-centric and transparent design without making
+ tradeoffs against privacy for other features as
+ privacy is possible along with other functionality.
</p>
+<p>These principles include the following:
+<ol>
+<li>Proactive not Reactive; Preventative not Remedial</li>
+<li>Privacy as the Default Setting</li>
+<li>Privacy Embedded into Design</li>
+<li> Full Functionality — Positive-Sum, not Zero-Sum</li>
+<li>End-to-End Security — Full Lifecycle Protection</li>
+<li>Visibility and Transparency — Keep it Open</li>
+<li>Respect for User Privacy — Keep it User-Centric</li>
+</ol></p>
+
</div>
</section>
<section id="usercentric">
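Review bot: the new `<p>These principles include the following:` paragraph wraps a block-level `<ol>` inside a `<p>`, which is not valid HTML; browsers close the `<p>` implicitly when the `<ol>` starts and the trailing `</p>` after `</ol>` is left dangling. Close the paragraph before the list (`<p>These principles include the following:</p>` followed by `<ol>`) and drop the `</p>` after `</ol>`. Smaller points in the same hunk: `<li> Full Functionality` has a stray leading space; the practicedesc sentence starting `Proactively consider privacy, make preservation of` chains four clauses into one run-on and would be clearer as separate sentences (consider privacy proactively; make it the default; keep the design user-centric and transparent; do not trade privacy away for other features); and the added lines beginning `The principles of "Privacy by Design" should be reflected` are flush-left while the surrounding markup is indented.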
@@ -67,7 +81,7 @@
<p>Privacy should be user centric.</p>
<div class="practice">
<p><a id="bp-user-driven"></a><span
- class="practicelab">The user should drive decisions
+ class="practicelab">Enable the user to decisions
that affect their privacy within the context of the service</span></p>
<p class="practicedesc">
The end user should know the privacy implications of
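Review bot: the reworded label `Enable the user to decisions` is missing its verb; it should read `Enable the user to make decisions that affect their privacy ...`, which also matches the parallel label `Enable the user to make decisions in context` used for the next practice.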
@@ -79,8 +93,8 @@
</div>
<div class="practice">
<p><a id="bp-choices-in-context"></a><span
- class="practicelab">User decisions should be made in
- context at the time of an operation requiring a
+ class="practicelab">Enable the user to make decisions in
+ context at the time of an operation requiring the
decision.</span></p>
<p class="practicedesc">
User decisions work well when the user makes the
@@ -113,9 +127,8 @@
</div>
<div class="practice">
<p><a id="bp-sp-choices"></a><span
- class="practicelab">A service provider should have the
- opportunity to know a user privacy decision and respond
- to it.
+ class="practicelab">Attempt to learn user privacy
+ decisions and respond to them.
</span></p>
<p class="practicedesc">
Knowing the privacy preferences of a user in a given
@@ -128,7 +141,8 @@
</div>
<div class="practice">
<p><a id="bp-usability"></a><span
- class="practicelab">User centric design requires usability.
+ class="practicelab">Create a service that enables user
+ choices and control by making it usable
</span></p>
<p class="practicedesc">
Minimal user interface interaction should be required
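Review bot: the new label `Create a service that enables user choices and control by making it usable` reads circularly and has no terminal period, while the relabeled practices just above end with one (`... requiring the decision.`, `... respond to them.`); pick one convention for all practicelab spans, and consider the more direct `Make the service usable so that user choices and control are practical.`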
@@ -137,31 +151,24 @@
[[GEOLOCATION-PRIVACY]].
</p>
</div>
- </section>
- </section>
- <section id="transparency">
- <h2>Transparency</h2>
- <p>Services should be clear and transparent to users regarding
- potential privacy concerns.</p>
<div class="practice">
<p><a id="bp-clarity"></a><span
- class="practicelab">Clarify where collected information
- is shared, especially when 3rd party services are
- involved in a "mashup".
+ class="practicelab">Be clear and
+ transparent to users regarding
+ potential privacy concerns.
</span></p>
<p class="practicedesc">
The end user should know if information is being used
by the service itself or being shared with a third
- party, for example a location provider.
+ party, especially when 3rd party services are
+ involved in a "mashup".
</p>
</div>
-
- <p>
- </p>
<div class="practice">
<p><a id="bp-clarify-one-shot-or-repeated"></a><span
- class="practicelab">Services should be clear as to whether information is
- needed on a one-time basis or is necessary for a period of time and whether data retention is required.
+ class="practicelab">Be clear as to whether information is
+ needed on a one-time basis or is necessary for a period of
+ time and whether data retention is required.
</span></p>
<p class="practicedesc">
The end user should know if how collected information
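Review bot: the context line `The end user should know if how collected information` still carries the pre-existing `if how` (should be just `how`); since this hunk already reworks the label of that practice, it is worth fixing here. Folding the former Transparency practices into the usercentric section and removing the empty `<p></p>` is fine.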
@@ -169,16 +176,19 @@
</p>
</div>
</section>
+ </section>
<section id="data-minimization">
- <h2>Minimizing Data</h2>
+ <h2>Minimize collection and
+transmission of personal data</h2>
<section id="minimization-considerations">
- <p>Review the data and how it is structured and used, minimizing what is required to provide a service.
+ <p>Review the data and how it is structured and used, minimizing
+ the amount and detail of data required to provide a service.
</p>
<div class="practice">
<p><a id="bp-data-granularity"></a><span
- class="practicelab">Review the granularity of the data
- and attempt to provide minimal data at the "natural"
- granularity.</span></p>
+ class="practicelab">Request the minimum number of data
+ items at the
+ minimum level of detail needed to provide a service.</span></p>
<p class="practicedesc">
As an example, an address book record is not the
natural level of granularity as a user may wish to
@@ -192,9 +202,9 @@
<div class="practice">
<p><a id="bp-data-retention"></a><span
class="practicelab">
- Consider ramifications of data re-use over time, and review what minimum data
- needs to be retained, and for how long.
- Consider potential misuses of the data and
+Retain the minimum amount of data at the minimum level of detail for
+ the minimum amount of time needed.
+ Consider potential misuses of retained data and
possible countermeasures.
</span></p>
<p class="practicedesc">
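Review bot: the added `</section>` after the existing `</section>` is unbalanced. Earlier in this diff the `<section id="generalprinciples">` wrapper and the `<section id="transparency">` open were removed along with their two closes, so at this point only `usercentric` is still open and the existing `</section>` already closes it; either drop the added close or reopen a wrapper section above the practices. Also, the added lines `transmission of personal data</h2>` and `Retain the minimum amount of data at the minimum level of detail for` are flush-left where the surrounding markup is indented.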
@@ -210,6 +220,32 @@
</div>
</section>
</section>
+ <section id="data-confidentiality">
+ <h2>Maintain the confidentiality of personal data</h2>
+ <div class="practice">
+ <p><a id="bp-use-https"></a><span
+ class="practicelab">
+ Maintain the confidentiality of user data in
+ transmission, for example using HTTPS for
+ transport rather than HTTP.
+ </span></p>
+ <p class="practicedesc">
+ Use of HTTPS can provide confidentiality of personal data in
+ transport when an appropriate cipher suite is
+ required. This should be done unless an alternative
+ means of transport confidentiality is provided. </p>
+ <div class="practice">
+ <p><a id="bp-secure-storage"></a><span
+ class="practicelab">
+ Maintain the confidentiality of user data in
+ storage.
+ </span></p>
+ <p class="practicedesc">
+ Store data in encrypted form or take other means to protect
+ confidentiality of data in storage, even in the event
+ of a security
+ breakin of the server.
+ </p>
</body>
</html>
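Review bot: the new `data-confidentiality` section is never closed. The `<div class="practice">` for `bp-use-https` is still open when the second `<div class="practice">` begins, the second div is not closed either, and no `</section>` precedes `</body>`. Add `</div>` after `means of transport confidentiality is provided. </p>` and `</div>` plus `</section>` after the secure-storage practicedesc so the document nests like the sections above it. Two wording points: `breakin` should be `break-in` (or `compromise`), and the HTTPS practicedesc should say that confidentiality in transport also depends on the client validating the server certificate and on HTTPS covering the whole session rather than only login, since an appropriate cipher suite alone does not protect against an interposed connection.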
Received on Wednesday, 13 July 2011 18:05:08 UTC