
My Clients Now Get P3P Privacy Policies
November 17, 2009 11:15 am

Posted by Doug McCaughan in: Privacy, Programming, Security, Technology, Touchy Subjects

Does your website collect identifying information on your visitors? If you think that because you do not sell anything (i.e., no shopping cart) and have no subscription services you are not collecting identifying information on your site’s visitors, then you are probably wrong. Most web servers log IP addresses along with the time of the visit and what that IP address read. ISPs keep logs showing which IP addresses were allocated to which users at particular times. Your logs can be correlated with their logs to identify a person. If your site has a comment form, then you are definitely collecting information; more importantly, that form gives you the name of a person to associate with the IP address without having to involve the ISP.

So now that we are clear that you are probably collecting identifying information about the visitors to your site, do you have a privacy policy? A privacy policy states how you will use that identifying information. For instance, perhaps you sell it to mailing lists. Or perhaps you specifically do NOT sell it to mailing lists but aggregate it to be able to explain to your potential advertisers that 70% of your site’s visitors are women between the ages of 22 and 35.

If you have a privacy policy, as a human, I can follow the link to that policy, read it, and try to interpret it. But why should I do that when I may not even understand what I’m reading? Shouldn’t the browser or other software handle the privacy policy for me? Yes! And on April 16, 2002 the W3C recommended the Platform for Privacy Preferences Project or P3P which is "a machine-readable language that helps to express a website’s data management practices." What this comes down to is that you can set your privacy preferences in your browser and if the website’s policy does not match, the browser blocks cookies from that site. Certainly there is a bit more to it than that but for most users, it boils down to blocking cookies.
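The matching step described above can be sketched in code. This is an added example, not code from the original post or from any browser: it parses a P3P compact policy (the short token form a site sends in a `P3P: CP="..."` response header) and applies one hypothetical user preference. The token meanings come from the P3P 1.0 vocabulary; the rule itself, the function names and the sample headers are assumptions made for illustration.

```python
import re

# Subset of the P3P 1.0 compact-policy vocabulary used by this example.
IDENTIFYING = {"PHY", "ONL", "GOV", "FIN"}   # data categories that identify a person
RISKY_USES = {"CON", "TEL",                  # purposes: marketing contact, telemarketing
              "SAM", "OTR", "UNR", "PUB"}    # recipients beyond the site and its agents

def parse_compact_policy(header_value):
    """Extract tokens from a value such as CP="NOI DSP COR" (empty list if absent)."""
    match = re.search(r'CP\s*=\s*"([^"]*)"', header_value or "")
    return match.group(1).split() if match else []

def split_consent(token):
    """'CONo' -> ('CON', 'o'). Suffix a=always, i=opt-in, o=opt-out; none means always."""
    if len(token) == 4 and token[3] in "aio":
        return token[:3], token[3]
    return token, "a"

def cookie_decision(header_value, allow_opt_out=True):
    """Return (accept, reason) under a hypothetical preference: reject cookies when
    identifying data is used for contact or shared onward without visitor choice."""
    tokens = parse_compact_policy(header_value)
    if not tokens:
        return False, "no compact policy sent"
    parsed = [split_consent(t) for t in tokens]
    if not {base for base, _ in parsed} & IDENTIFYING:
        return True, "no identifying data categories declared"
    acceptable = {"i", "o"} if allow_opt_out else {"i"}
    for base, consent in parsed:
        if base in RISKY_USES and consent not in acceptable:
            return False, f"{base} applies to identifying data without visitor choice"
    return True, "identifying data used only within stated preferences"

# Constructed sample header values, not taken from any real site.
SAMPLES = {
    "stats-only": 'CP="NOI DSP COR NID ADMa OUR NOR STA"',
    "marketing-opt-out": 'CP="DSP COR CURa CONo OUR ONL PHY"',
    "sells-contacts": 'CP="DSP COR CONa UNR ONL PHY"',
    "none": "",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, cookie_decision(value))
```

A stricter visitor can pass `allow_opt_out=False`, in which case the opt-out marketing policy is rejected as well.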

P3P is a bit of a pain in the neck, but every website (and that means your blogs) should have a privacy policy. This is definitely something I will encourage for each of my clients.
