W3C home > Mailing lists > Public > www-p3p-dev@w3.org > October 2001

Re: Collection of user information by forms

From: Lorrie Cranor <lorrie@research.att.com>
Date: Tue, 16 Oct 2001 09:59:06 -0400
Message-ID: <026901c1564b$15997900$3e06cf87@research.att.com>
To: "Giles Hogben" <giles.hogben@jrc.it>, "p3pdev" <www-p3p-dev@w3.org>
Cc: "Tom Jackson" <tom.jackson@jrc.it>, "Bob Thibadeau" <rht@cs.cmu.edu>
Yes, we talked about including security information in
the P3P vocabulary. However, we decided that it would
be very difficult for web sites to provide meaningful
security information. The fact that they use particular
security software is not really all that meaningful. A company
may use great security software but not apply it to one
of their systems, and that's where they have the breach.
And the best practices with respect to security are changing

I served on the FTC advisory committee on online access
and security and we had a similar discussion. In general
this group of experts felt that while web sites should have
security policies, describing their security procedures and
software in a consumer-oriented privacy policy was not
particularly useful.


----- Original Message -----
From: "Giles Hogben" <giles.hogben@jrc.it>
To: "p3pdev" <www-p3p-dev@w3.org>
Cc: "Tom Jackson" <tom.jackson@jrc.it>; "Bob Thibadeau" <rht@cs.cmu.edu>
Sent: Tuesday, October 16, 2001 3:12 AM
Subject: Re: Collection of user information by forms

> I have a question for the group.
> I know it's too late for the existing spec, but has the working group
> thought about including tags which make statements about the measures the
> company takes to secure the data once it is on their servers:
> For example
> <DATASECURITY><portscanlogs/><penetrationtesting tool="iss"
> interval="yearly" description="We use iss vulnerability scanner to test
> vulnerabilities"/></DATASECURITY>
> I have just been on a course in penetration testing (for strictly
> professional purposes!) and this made me realise that this is quite a big
> issue in the data collection cycle, not only in real terms but also in
> of consumer perception.
> Giles Hogben
Received on Tuesday, 16 October 2001 10:01:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:50 UTC