- From: janice <janice@technofolk.com>
- Date: Tue, 26 Mar 2002 15:39:00 +0500 (GMT-5)
- To: <www-p3p-policy@w3.org>
Hi, I am very confused about the difference between serving cookies from
one section of a site and when data is stored in logs or in databases. I
have a couple of questions here I need serious guidance on I hope someone
can help.
If I am a publisher, and I have contests on my site -- and someone enters
a contest with their personal information, and then goes to browse the
rest of our site -- a "baldness cure" page for example. We use a globalID
cookie to track recurrent visitors.
So if I implement P3P -- am I required to say I collect personally
identifiable health information?
Another example is -- say I use among other things a GUID to configure my
ad server to serve new ads to a user, that same user has expressed a
preference in our forums to have a 2 pane layout when they view our
forums. They have signed up for a user name in the forum. We use the same
GUID across the site.
Now say it is our corporate policy NOT to monitor those forums, BUT the
user posts frequently in the "Let's lose weight because I'm fat" forum.
The user maintains, on another machine on our domain a web page for his
church group. As part of the web page, he posts his email and phone number
and mailing address, so the peoplein his church can send him pictures to
post on the web site.
Are we also holding personally identifiable health information for him?
You can assume for these examples that all our databases for the company
are one copy of Oracle on one machine. And so are our web logs.
I'm going to stop here and not even get into referers etc in the logs
because that would over complicate the basic question as it is posed here.
Thanks, I hope someone can help me!
Janice Abrahams
===========================================================
Have a Smart Day, with PrivacyParts.com
===========================================================
Received on Tuesday, 26 March 2002 15:50:54 UTC