- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 26 Sep 2005 15:12:31 +0200
- To: Nischal <nischal_muthana@yahoo.com>
- Cc: www-p3p-policy@w3.org
- Message-Id: <200509261512.32275.rigo@w3.org>
Dear Sudhakar, Am Monday 26 September 2005 01:36, sprach Nischal: > > My name is Sudhakar Jalli. I am a web developer for a > mortgage company here in California. I got your email > address at www.w3.org > > I am very new to P3P. I am just going over the > specification since couple of days. I have a question > about the data collection on our web site. > > Our web site users are usually mortgage brokers who > use our application to fill in their client critical > information into our system. We do not store any of > these mortgage brokers information but we do store > their clients very crictical information. > > I was wondering if P3P is going to cover this scope of > privacy too. If yes, do you know how I can achieve > this. I think P3P is able to accommodate this. P3P does not distinguish between roles, but you can have multiple statements in a policy. So one statement would cover all data that is collected concerning the client information and the other would cover the information collection from broker. You can indicate the role in question in a description in a <consequence> - Element. Be sure to indicate the retention of the data elements, especially for the broker information as this information is not retained. But it is collected at some point in time, so the collection has to be declared, but the retentions is short or absent. In your case it might even make sense to go down to the single data-items of the base data schema and not use categories at all. This way you have a sharp distinction. In fact, the statement clusters some vocabulary with some data items. Best, Rigo
Received on Monday, 26 September 2005 13:13:34 UTC