- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Thu, 10 Apr 2003 18:05:48 -0400
- To: "Catton, Jeff" <jeffery.catton@citigroup.com>
- Cc: "'www-p3p-public-comments@w3.org'" <www-p3p-public-comments@w3.org>
As long as you explain the access method in your human-readable policy it is not essential that the access method be an online method. Lorrie On Thursday, April 10, 2003, at 05:33 PM, Catton, Jeff wrote: > Oh the murky water… > > > > According to the definition of <ACCESS> > http://www.w3.org/TR/P3P/#ACCESS; > > > > TheACCESSelement indicates whether the site provides access > to various kinds of information. > > > > Does the above definition of “site” mean the web site or the site > owner? > > > > Here is why I am asking, we do not have login functionality on the web > site, and we do provide our users access to their information from a > local branch office or over the phone. > > > > Since do provide various methods (as stated in out Human Readable > Policy and/or web site), is it valid to say that we provide the user > access to their information entered on our site? > > > > <all/> > > All Identified Data: access is given to all identified data. > > <contact-and-other/> > > Identified Contact Information and Other Identified Data: access is > given to identified online and physical contact information as well as > to certain other identified data. > > <ident-contact/> > > Identifiable Contact Information: access is given to identified online > and physical contact information (e.g., users can access things such > as a postal address). > > <other-ident/> > > Other Identified Data: access is given to certain other identified > data (e.g., users can access things such as their online account > charges). > > <none/> > > None: no access to identified data is given. > > > > > > Thank you in advance. > > > > Best Regards, > > > > Jeffery R. Catton > > CitiFinancial > > > > >
Received on Thursday, 10 April 2003 18:05:10 UTC