Re: Question about P3P

Dear Sudhakar, 

Am Monday 26 September 2005 01:36, sprach Nischal:
>
> My name is Sudhakar Jalli. I am a web developer for a
> mortgage company here in California. I got your email
> address at www.w3.org
>
> I am very new to P3P. I am just going over the
> specification since couple of days. I have a question
> about the data collection on our web site.
>
> Our web site users are usually mortgage brokers who
> use our application to fill in their client critical
> information into our system. We do not store any of
> these mortgage brokers information but we do store
> their clients very crictical information.
>
> I was wondering if P3P is going to cover this scope of
> privacy too. If yes, do you know how I can achieve
> this.

I think P3P is able to accommodate this. P3P does not distinguish 
between roles, but you can have multiple statements in a policy. So one 
statement would cover all data that is collected concerning the client 
information and the other would cover the information collection from 
broker. You can indicate the role in question in a description in a 
<consequence> - Element. 

Be sure to indicate the retention of the data elements, especially for 
the broker information as this information is not retained. But it is 
collected at some point in time, so the collection has to be declared, 
but the retentions is short or absent. 

In your case it might even make sense to go down to the single 
data-items of the base data schema and not use categories at all. This 
way you have a sharp distinction. In fact, the statement clusters some 
vocabulary with some data items. 

Best, 

Rigo

Received on Monday, 26 September 2005 13:13:34 UTC