- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Tue, 13 Jan 2004 15:35:14 -0500
- To: "Gammel, Denise" <Denise.Gammel@rrb.gov>
- Cc: www-p3p-policy@w3.org
You should have a machine readable policy for all pages on your site. Even if you are not actively collecting information you probably have web logs that are collecting information and that needs to be disclosed (and if you are actually not keeping logs or scrubbing them, than you should disclose that too). It makes sense to have a generic policy for all the pages that don't actively collect info through forms and then specific policies for pages that collect information. Regards, Lorrie Cranor On Monday, January 12, 2004, at 11:01 AM, Gammel, Denise wrote: > > Hello, > > I have a very basic question. Most of the pages on our website are > static html pages and are not collecting information. Do we need to > have a machine readable policy for these pages? > > We are thinking we would have a generic machine readable policy for > all pages and one or more specific policies for those particular pages > that collect information. > > We maintain www.rrb.gov and https://secure.rrb.gov. Most of our web > pages which collect information are on the secure site. > > Denise Gammel > Web Manager > Railroad Retirement Board > www.rrb.gov > (312) 751-4671 > djgammel@rrb.gov > > -- Lorrie Faith Cranor - http://lorrie.cranor.org/ (Note, as of Dec 2003 I'm at Carnegie Mellon University) P3P Specification Working Group Chair - http://www.w3.org/p3p/ Book: Web Privacy with P3P - http://p3pbook.com/
Received on Tuesday, 13 January 2004 15:43:04 UTC