Index: drafts/tracking-compliance.html =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v retrieving revision 1.86 diff -r1.86 tracking-compliance.html 460d459 < 478a478 >
Explanations of some techniques that may satisfy these requirements are documented in the Technical Precautions section of the appendix.
480,586d479 < << Outsourcing services should use browser access control features < so that stored data specific to one party is never accessed or < collected when the user visits another party. <
< << The same-origin policy silos stored data by domain name. An < outsourcing service can use a different domain name for each < first party. <
<< Example Analytics provides an outsourced analytics service to Example News < and Example Sports, two unrelated websites. Example Analytics stores its < cookies for Example News at examplenews.exampleanalytics.com, and it < stores its cookies for Example Sports at < examplesports.exampleanalytics.com. <<
< The HTTP cookie path can be used to silo data to a first < party. <
<< Example Analytics stores its cookies for Example News with < "Path=/examplenews", and it stores its cookies for Example Sports with < "Path=/examplesports". <<
< For key/value storage APIs, such as Web Storage and Indexed < Database, an outsourcing service can use a different key or < key prefix for each first party. <
<< Example Analytics stores data for Example News at < window.localStorage["examplenews"] and data for Example Sports at < window.localStorage["examplesports"]. <<
< An outsourcing service should encrypt each first < party's data with a different set of keys. <
<< An outsourcing service should deploy access controls so that < only authorized personnel are able to access siloed data, and < only for authorized purposes. <
<< An outsourcing service should deploy access monitoring < mechanisms to detect improper use of siloed data. <
<< An outsourcing service should retain information only so < long as necessary to provide necessary functionality to a first < party. If a service creates periodic reports, for example, it < should delete the data used for a report once it is generated. < An outsourcing service should be particularly sensitive to < retaining protocol logs, since they may allow correlating user < activity across multiple first parties. <
<< An outsourcing service should establish a clear internal < policy that gives guidance on how to collect, < retain, and use outsourced data in compliance < with this standard. <
<< Personnel that interact with outsourced data should be < familiarized with internal policy on compliance with this < standard. <
<< An outsourcing service should establish a supervision and < reporting structure for detecting improper access. <
<< External auditors should periodically examine an outsourcing < service to assess whether it is in compliance with this < standard and has adopted best practices. Auditor reports < should be made available to the public. <
<Explanations of some techniques that may satisfy these requirements are documented in the Internal Practices section of the appendix.
1728c1575 <There is an open action to define "graduated response," and an open --- >
There is an open action to define "graduated response," and an open 1730c1577 < addressed through non-normative examples
--- > addressed through non-normative examples. 2017a1865,2018 >> Outsourcing services should use browser access control features > so that stored data specific to one party is never accessed or > collected when the user visits another party. >
> >> The same-origin policy silos stored data by domain name. An > outsourcing service can use a different domain name for each > first party. >
>> Example Analytics provides an outsourced analytics service to Example News > and Example Sports, two unrelated websites. Example Analytics stores its > cookies for Example News at examplenews.exampleanalytics.com, and it > stores its cookies for Example Sports at > examplesports.exampleanalytics.com. >>
> The HTTP cookie path can be used to silo data to a first > party. >
>> Example Analytics stores its cookies for Example News with > "Path=/examplenews", and it stores its cookies for Example Sports with > "Path=/examplesports". >>
> For key/value storage APIs, such as Web Storage and Indexed > Database, an outsourcing service can use a different key or > key prefix for each first party. >
>> Example Analytics stores data for Example News at > window.localStorage["examplenews"] and data for Example Sports at > window.localStorage["examplesports"]. >>
> An outsourcing service should encrypt each first > party's data with a different set of keys. >
>> An outsourcing service should deploy access controls so that > only authorized personnel are able to access siloed data, and > only for authorized purposes. >
>> An outsourcing service should deploy access monitoring > mechanisms to detect improper use of siloed data. >
>> An outsourcing service should retain information only so > long as necessary to provide necessary functionality to a first > party. If a service creates periodic reports, for example, it > should delete the data used for a report once it is generated. > An outsourcing service should be particularly sensitive to > retaining protocol logs, since they may allow correlating user > activity across multiple first parties. >
>> An outsourcing service should establish a clear internal > policy that gives guidance on how to collect, > retain, and use outsourced data in compliance > with this standard. >
>> Personnel that interact with outsourced data should be > familiarized with internal policy on compliance with this > standard. >
>> An outsourcing service should establish a supervision and > reporting structure for detecting improper access. >
>> External auditors should periodically examine an outsourcing > service to assess whether it is in compliance with this > standard and has adopted best practices. Auditor reports > should be made available to the public. >
>
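Review bot: The sentence added at 478a478 names only the Technical Precautions section of the appendix, while the block removed at 480,586d479 ends with the matching pointer to the Internal Practices section, and no replacement for that pointer appears in these hunks. The text re-added at 2017a1865,2018 still carries the internal policy, personnel training, supervision and external auditing items, so the normative section should keep a reference to them: either add a second pointer sentence for Internal Practices or widen the new sentence to name both appendix sections.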
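Review bot: In the appendix text added at 2017a1865,2018, the cookie "Path=/examplenews" and window.localStorage["examplenews"] examples are listed under the opening sentence about "browser access control features", but the browser does not enforce either one as a boundary. Cookies scoped by path and storage entries separated by key prefix all live under a single origin, and any script running in that origin can reach them. Of the three examples, only the per-domain one (examplenews.exampleanalytics.com versus examplesports.exampleanalytics.com) is backed by the same-origin policy. Since the move is a chance to tighten the wording, suggest presenting separate domain names as the isolating mechanism and describing Path and key prefixes as partitioning that holds only as long as the service's own code never reads another first party's entries.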