- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 29 Nov 2000 22:25:17 -0500
- To: "Fiona Walsh" <Fiona.Walsh@avenuea.com>, <www-p3p-policy@w3.org>
Good questions. Yes, we use the word attach broadly as you suggest. And yes, it would be fair to say that most sites will not be able to use the non-identifiable attribute. Basically, to use this attribute, a site is going to have to go to extra legnths to scrub their web logs to make sure that the pseuodononymous info they have on people cannot be linked back to a real person. At minimum this would require truncating IP addresses in the web logs. Lorrie ----- Original Message ----- From: Fiona Walsh <Fiona.Walsh@avenuea.com> To: <www-p3p-policy@w3.org> Sent: Wednesday, November 29, 2000 8:16 PM Subject: question about the <NON-IDENTIFIABLE/> attribute > > I've been assisting our client's with policy generation, and have some > questions about the <NON-IDENTIFIABLE/> attribute. > The spec. states > " > <NON-IDENTIFIABLE/> > This is an element that can only be present in the statement, if > there is no data or no identifiable data collected. Data is seen as > non-identifiable in the sense of the present specification, if there is no > reasonable way for the entity or a third party to attach the collected data > to the identity of natural person. > " > > Nearly all of our clients' sites have some persistent means of storing state > @ an individual level (cookiesID, customerID, transactionID etc). > It seems reasonable to say that all these data elements could be attached by > our client's or by a third party to the identity of a natural person. > > First, in the above statement when we state "attach", do we mean linking > using data collected by any method, HTTP or other? > Second, is it therefore reasonable to say that most sites that store state @ > an individual level can not use the <NON-IDENTIFIABLE/> attribute? > > fi > >
Received on Wednesday, 29 November 2000 22:30:33 UTC