[CONTACT]

[ABOUT]

[POLICY]

[ADVERTISE]

DOCTYPE HTML PUBLIC html.META

Found at: ftp.icm.edu.pl:70/packages/normos/w3c/NOTE-IPWG-Practices

<!DOCTYPE HTML PUBLIC "html.dtd">
<HTML>

		
<HEAD>
<META CONTENT="text/html; charset=windows-1252" HTTP-EQUIV="Content-Type">
<META CONTENT="Microsoft FrontPage 3.0" NAME="GENERATOR">
<TITLE>The Internet PrivacyWorking Group is providing the W3C P3P vocabulary group with </TITLE>
<META CONTENT="D:\Program Files\Microsoft Office\Office\html.dot" NAME="Template">
</HEAD>

		
<BODY VLINK="#800080" TEXT="#000000" LINK="#0000FF" BGCOLOR="#FFFFFF">

		
<H1><A HREF="http://www.w3.org/"><IMG HEIGHT="48" ALT="W3C" BORDER="0" WIDTH="72" SRC="http://www.w3.org/Icons/w3c_home"></A>
</H1>

		
<P ALIGN="right"><B><BIG>NOTE-IPWG-Practices-971017</BIG></B> </P>

		
<H1 ALIGN="center">Internet Privacy Working Group Privacy <BR>
Practices for the Web</H1>

		
<P><B><BIG><A HREF="http://www.w3.org/Submission/1997/17/">Submitted to W3C</A> on 17 October 1997 ·</BIG></B>

		
<DL>
  <DT>Latest version: </DT>
  <DD><A HREF="NOTE-IPWG-Practices.html" W3MIRHREF="http://www.w3.org/TR/NOTE-IPWG-Practices.html">http://www.w3.org/TR/NOTE-IPWG-Practices</A> </DD>
  <DT>This version: </DT>
  <DD><A HREF="NOTE-IPWG-Practices-971017.html" W3MIRHREF="http://www.w3.org/TR/NOTE-IPWG-Practices-971017.html">http://www.w3.org/TR/NOTE-IPWG-Practices-971017</A>
  </DD>
</DL>

		
<DL>
  <DT>Authors: </DT>
  <DD>Internet Privacy Working Group</DD>
  <DT>Editor:</DT>
  <DD>Deirdre Mulligan, CDT</DD>
</DL>

		
<HR>

		
<H2>Status of this Document </H2>

		
<P>This document is a NOTE made available by the World Wide Web Consortium for discussion
only. This indicates no endorsement of its content, nor that the Consortium has, is, or
will be allocating any resources to the issues addressed by the NOTE. A list of current
NOTEs can be found at: <A HREF="./" W3MIRHREF="http://www.w3.org/TR/">http://www.w3.org/TR/</A>. </P>

		
<P>This document is part of a complete <A HREF="http://www.w3.org/Submission/">submission</A> to the W3C.
The full submission has been acknowledged by W3C and is available at <A HREF="http://www.w3.org/Submission/1997/17/">http://www.w3.org/Submission/1997/17/</A>.&nbsp; </P>

		
<P>Note: since working drafts are subject to frequent change, you are advised to reference
the above URL, rather than the URLs for working drafts themselves. </P>

		
<HR>
<B>

		
<P>Document Version 1.0</B> <BR>
<B>October 17, 1997</B> </P>

		
<H1>Introduction</H1>

		
<P>This document is intended for consideration by the Platform for Privacy Preferences
Project. The vocabularies specified (Data Categories, Data Practices, Release, and Access,
Contact) are offered for considerations as vocabularies that would fit within the P3P
grammar. We also make some ancillary recommendations regarding identification of the
&quot;entity&quot; with whom the individual is dealing and the &quot;space&quot; within
which a P3P agreement applies.</P>

		
<P>For a further explanation of what P3P architecture, grammar, and vocabularies please
see: 

		
<UL>
  <LI><A HREF="WD-P3P-grammar.html" W3MIRHREF="http://www.w3.org/TR/WD-P3P-grammar.html">P3P Grammatical Model and Data Design Model Working Draft</A></LI>
  <LI><A HREF="WD-P3P-arch.html" W3MIRHREF="http://www.w3.org/TR/WD-P3P-arch.html">General Overview of the P3P Architectur Working Draft</A></LI>
  <LI><A HREF="http://www.w3.org/P3">W3C P3P Overview</A>.</LI>
</UL>
<B>

		
<H2></B>Data Categories<B></H2>
</B>

		
<P>A data category is a quality of a data element or class that may be used by a trust
engine to determine what type of element is under discussion (for example anonymous
demographics or personal contact information). The first seven data categories are
actually data elements within the data category <STRONG>Contact Information</STRONG> but
are considered to be important enough to be their own category. <EM>The inclusion of a
category or data element (as a bullet or example) in no way requires a user to enter that
information. </EM>For instance, while we state SSN is an example of a <STRONG>Government
or Unique Identifier </STRONG>the exchange of this type off data is <EM>extremely</EM>
sensitive and may even be unlawful. We are not recommending that these data elements
should be collected or transferred, they are merely examples for a category or type of
information one may make privacy practice statements about.</P>

		
<P>&nbsp;</P>

		
<BLOCKQUOTE>
  <DL>
    <DT><U><B>First name</B></U> </DT>
    <DD>this would include nick-names</DD>
    <U><B>
    <DT><U><B><U><B><U><B><U><B><U><B><U><B>Last name</B></U></B></U></B></U></B></U></B></U></B></U></DT>
    <DT><U><B><U><B><U><B><U><B><U><B><U><B>Middle name</B></U></B></U></B></U></B></U></B></U></B></U></DT>
    <DT><U><B><U><B><U><B><U><B><U><B><U><B>Maiden name</B></U></B></U></B></U></B></U></B></U></B></U></DT>
    <DT><U><B><U><B><U><B><U><B><U><B><U><B>Address</B></U></B></U></B></U></B></U></B></U></B></U></DT>
    <DT><U><B><U><B><U><B><U><B><U><B><U><B>Phone number</B></U></B></U></B></U></B></U></B></U></B></U></DT>
    </B></U>
    <DT><U><B>Other physical contact information</B></U> </DT>
    <DD>other information that is commonly used to identify, locate and/or contact a person.</DD>
    <DT><U><B>Cyberspace Contact Information</B></U></DT>
    <DD>information that allows an individual to be contacted or located on the Internet.<UL>
        <LI>email address </LI>
        <LI>site specific email address</LI>
        <LI>URL</LI>
      </UL>
    </DD>
    <DT><U><B>Government ids and unique identifiers</B></U> </DT>
    <DD>identifiers issued by a government or other entity for purposes of consistently
      identifying the individual -- for example SSN, pseudonyms, account numbers.</DD>
    <DT><U><B>Financial account identifiers</B></U> </DT>
    <DD>identifiers that tie an individual to a financial instrument, account, or payment system
      -- for example Visa or American Express account number, or bank account number.</DD>
    <DT><U><B>Computer Information</B></U> </DT>
    <DD><UL>
        <LI>non-identifying information about the individual's computer system.</LI>
        <LI>visitor's computer type</LI>
        <LI>operating system</LI>
        <LI><DL>
            <DT>browser</DT>
          </DL>
        </LI>
      </UL>
    </DD>
    <DT><U><B>Navigational and Click-stream Data</B></U> </DT>
    <DD>data generated by the individuals activities at a Web site or other experience space,
      such as the pages of a web site viewed, the links made, the time spent in particular
      areas.</DD>
    <DT><U><B>Transactional data</B></U> </DT>
    <DD>data that reflects transactions such as logs of phone calls, emails or purchases.</DD>
    <DT><U><B>Preference and Demographic Data</B></U> </DT>
    <DD>non-identifiable data collected from the individual or other source -- not click-stream
      data -- for example gender, age, and clothes size. There are elements that fall in this
      category -- such as race, nationality, ethnicity, religion, income -- that raise
      additional issues. </DD>
    <DT><U><B>Content</B></U> </DT>
    <DD>the words and expressions contained in the body of a communication including the text of
      email, bulletin board postings, chat room communications. </DD>
  </DL>
</BLOCKQUOTE>

		
<H2>Practices Defined</H2>

		
<P>A practice is a P3P clause that describes what a service plans to do with data. We
specify four types of practices: use, transfer, release, and access.</P>
<U><B>

		
<P>USE</B></U> means the handling of information by the entity who received it directly
from the subject of the information. The use of information by agents who represent or act
for the entity under the relation of agency also is considered use. 

		
<UL>
  <U><B>
  <LI>System administration</B></U> the use of information solely to support the operation of
    the computer system</LI>
  <U><B>
  <LI>Research and/or product development</B></U> the use of information to enhance, evaluate,
    or otherwise review the site, a product, or a market. The use of information to improve
    the content of a site would fall under this definition, but the use of personal
    information to tailor or modify the content to the specific individual would not. This
    definition does not include the use of information to evaluate, target, profile or contact
    the individual.</LI>
  <U><B>
  <LI>Completion and support of current transaction</B></U> the use of information to complete
    the activity for which it was provided -- for example place an order, ship an order,
    recall a faulty product.</LI>
  <U><B>
  <LI>customization of content and/or design of site</B></U> the use of information to tailor
    or modify the site to the particular individual.</LI>
  <U><B>
  <LI>contacting visitors for marketing of services or products</B></U> the use of information
    to contact the individual to promote a product or service. This includes notifying
    visitors about updates to the web site.</LI>
  <U><B>
  <LI>in identifiable form for contacting visitors for marketing of services and/or products,
    and opt-out is provided</B></U> (definition. of opt-out -- the individual is given
    conspicuous notice of the intent to disclose and the ability to limit the disclosure of
    personal information through an online feature at or before the time at which such
    information is requested.)</LI>
  <LI><U><B>linking with identifiable information </B></U>combining non-identifiable
    information with personally identifiable information.</LI>
  <LI><U><B>other uses</B></U> uses of information not captured by the above definitions and
    not involving disclosure. </LI>
</UL>
<U><B>

		
<P></B></U>&nbsp;</P>

		
<P><U><B>TRANSFER</B></U> means to transfer, provide access to, or otherwise divulge
information to another entity that is legally related to the entity with whom the
individual is interacting and is bound by the same information practices. the sharing of
information between &quot;affiliates&quot; or &quot;subsidiaries&quot; is considered a
transfer. 

		
<UL>
  <U><B>
  <LI>in identifiable form for research and/or product development</LI>
  <LI>in identifiable form for customization and/or improvement of content and/or design of
    site</B></U> </LI>
  <U><B>
  <LI>in identifiable form for contacting visitors for marketing of services and/or products</B></U>
  </LI>
  <U><B>
  <LI>in identifiable form for contacting visitors for marketing of services and/or products,
    and opt-out is provided</B></U> (definition. of opt-out -- the individual is given
    conspicuous notice of the intent to disclose and the ability to limit the disclosure of
    personal information through an online feature at or before the time at which such
    information is requested.)</LI>
</UL>

		
<P>&nbsp;</P>
<U><B>

		
<P>RELEASE</B></U> means to release, provide access to, or otherwise divulge information
to one or more unrelated third-parties. exchanges of information between two separate
corporations is a disclosure. 

		
<UL>
  <U><B>
  <LI>in identifiable form for customization and/or improvement of content and/or design of
    site</B></U> </LI>
  <U><B>
  <LI>in identifiable form for contacting visitors for marketing of services and/or products</B></U>
  </LI>
  <LI><U><B>in identifiable form for contacting visitors for marketing of services and/or
    products, and opt-out is provided</B></U> (Definition. of Opt-out -- the individual is
    given conspicuous notice of the intent to disclose and the ability to limit the disclosure
    of personal information through an online feature at or before the time at which such
    information is requested.)</LI>
  <LI><U><B>in identifiable form to others for other purposes</B></U> </LI>
  <LI><U><B>in non-identifiable form</B></U> </LI>
</UL>
<U><B>

		
<P>ACCESS</B></U> the ability of the individual who is the subject of the information to
view, and/or correct it. 

		
<UL>
  <U><B>
  <LI>view</B></U> the ability of the individual who is the subject of the information to
    inspect and copy it.</LI>
  <U><B>
  <LI>correct</B></U> the ability of the individual who is the subject of the information to
    amend, delete, and/or retract it.</LI>
</UL>

		
<P>(this field would also have a space for a pointer to a Web page or some text giving
more information)</P>
<U>

		
<H2></U>Ancillary Recommendations</H2>

		
<P>We believe that within P3P statements a field for each of the following should exist:</P>

		
<P><U><B>CONTACT</B></U> site should provide relevant contact information including
company or individual name, contact person, phone number, address, email.</P>
<B><U>

		
<P>AGREEMENT WITH</U> </B>site should indicate the entity with whom the individual is
interacting (representation should be consistent with consumers perception).</P>
</BODY>
</HTML>

		
.

NEW PAGES:

[ODDNUGGET]

[GOPHER]