Resource File

Creating Privacy-aware Web Sites

On this page we provide information on the most current Microsoft developer resources. In accordance with our ongoing efforts to keep developers informed on issues of security, we're offering some suggestions for creating privacy-aware Web sites.

Privacy issues are of primary concern to those involved in Internet commerce. Some consumers are hesitant to provide information to Web sites without clearly understanding how their data will be used and with whom it will be shared. Web site developers can help allay their users' fears by allowing them to make informed choices whenever data is collected. Here are some simple guidelines:

  • Document the data that you collect, store, and share
  • Create a privacy statement outlining these practices
  • Implement Platform for Privacy Preferences (P3P) so browsers can reflect your practices
  • Provide selections so users can opt out of any secondary use of their data

One of the most important actions that you can take for your company and customers is to document all the information that you collect. For each item, record why it is collected, where it is stored, and with whom it is shared. Describe who within your company has access to the data and which third parties receive it (passing data to a third party is known as Onward Transfer).

Any data that you collect should be protected with encryption both in storage and in transit. On the Windows platform the usual tools are Secure Sockets Layer (SSL) for traffic between the browser and the Web server, Internet Protocol Security (IPSec) for traffic between servers, Encrypting File System (EFS) for files on disk, and CryptoAPI for encrypting individual fields from your own code. Encryption alone is not enough: data stores should also have access controls that restrict who can read the data.

Only collect data from customers when you need it to perform a service. Define a retention policy for the data that states when each item must be purged from your systems, and make sure the purge actually happens.

The accompanying diagram is an example of how you can document data being collected by a Web server. The diagram not only shows the data that is collected, stored, and shared, but also shows who has access to the data and describes various characteristics about the data.

Whenever you collect data on your Web site and plan to use it for a secondary purpose, tell your visitors your intentions and give them an opportunity to opt in to or out of that use. For example, if you sell CDs on your site, consumers have to give you their contact information for billing and shipping. You may also want to send them a notice whenever you receive new CDs from the same artist or CDs of a similar genre. That second use is not required to complete the sale, so always provide a checkbox that lets the user choose. The checkbox should offer the option to opt out, meaning customers who select it are not contacted. For the strongest privacy, make "opt out" the default, so that customers are contacted only if they actively opt in.

Once you have completed this analysis, you need to inform consumers about your data collection and usage practices, and describe the choices they have over the use of their data. Include information about your retention and protection policies in a privacy statement posted prominently on your Web site. For information on how to create a privacy statement and other tips, read the privacy chapters of the book Microsoft Windows Security Resource Kit (Microsoft Press, 2003).

P3P is a specification developed by the World Wide Web Consortium (W3C) that lets Web sites publish their privacy statements in a standardized XML format. By implementing P3P, a Web site allows P3P-enabled browsers to read its privacy statement programmatically and compare it with the preferences the user has set. The eye symbol on the Internet Explorer 6.0 status bar appears when the browser has restricted or blocked a cookie from the site, either because the site has not provided a P3P compact policy or because its policy does not satisfy the preferences set by the user in the privacy dialog. For a step-by-step explanation of the implementation procedure, visit How to Deploy P3P Privacy Policies on Your Web Site and https://www.w3.org.
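The following is an added example, not code from this page, from Microsoft, or from the W3C. It ties together the data inventory described earlier, the opt-out choice for secondary use, and the P3P deployment step: from a constructed inventory of the CD-shop's data it derives the P3P compact policy, validates the tokens against the P3P 1.0 compact-policy vocabulary, emits the HTTP P3P response header, and writes the policy reference file that browsers fetch from the well-known location /w3c/p3p.xml. The inventory rows and the policy URI /w3c/policy.xml#shop are assumptions for illustration; the full XML policy that the reference file points at (the POLICY and STATEMENT elements) is not generated here.

```python
"""P3P deployment pieces derived from a documented data inventory.

Added example (not Microsoft's or the W3C's code). Produces the two things a
P3P-enabled browser actually fetches: the compact policy in the HTTP "P3P"
header and the policy reference file at /w3c/p3p.xml. The full XML policy
that the reference file points at is out of scope.
"""
import re

# P3P 1.0 compact-policy vocabulary, grouped as the specification groups it.
ACCESS = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"}
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
           "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
CATEGORY = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
            "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
OTHER = {"NID", "DSP", "COR", "MON", "LAW", "TST"}
VOCABULARY = ACCESS | PURPOSE | RECIPIENT | RETENTION | CATEGORY | OTHER
# Every purpose except CUR and every recipient except OUR may carry a
# suffix: "a" always, "i" opt-in, "o" opt-out. No suffix means always.
SUFFIXED = (PURPOSE - {"CUR"}) | (RECIPIENT - {"OUR"})
SUFFIX = {"always": "", "opt-in": "i", "opt-out": "o"}

# Constructed inventory (illustrative, not from the page): one row per data
# element with its category, purpose, recipient and retention. "required"
# records the user's choice for a secondary purpose; CUR never needs one.
INVENTORY = [
    {"data": "name, shipping address", "category": "PHY", "purpose": "CUR",
     "recipient": "DEL", "retention": "BUS"},
    {"data": "credit card number", "category": "FIN", "purpose": "CUR",
     "recipient": "OUR", "retention": "STP"},
    {"data": "e-mail address", "category": "ONL", "purpose": "CON",
     "required": "opt-out", "recipient": "OUR", "retention": "BUS"},
]


def _unique(items):
    """Deduplicate while keeping first-seen order, so token order is stable."""
    seen = []
    for item in items:
        if item not in seen:
            seen.append(item)
    return seen


def compact_policy(inventory, access="CAO", disputes=("DSP", "COR")):
    """Derive the compact policy from the inventory.

    Secondary purposes (anything but CUR) carry the opt-in/opt-out suffix
    recorded in the row; that is how the checkbox choice reaches the browser.
    Recipient suffixes are not modelled in this example.
    """
    purposes = _unique(
        row["purpose"] + ("" if row["purpose"] == "CUR"
                          else SUFFIX[row.get("required", "always")])
        for row in inventory)
    recipients = _unique(row["recipient"] for row in inventory)
    retentions = _unique(row["retention"] for row in inventory)
    categories = _unique(row["category"] for row in inventory)
    return " ".join([access, *disputes, *purposes, *recipients,
                     *retentions, *categories])


def validate_compact_policy(cp):
    """Return a list of problems with a compact policy (empty means OK)."""
    problems = []
    for tok in cp.split():
        m = re.fullmatch(r"([A-Z]{3})([aio]?)", tok)
        if not m:
            problems.append(f"malformed token {tok!r}")
            continue
        base, suffix = m.groups()
        if base not in VOCABULARY:
            problems.append(f"unknown token {tok!r}")
        elif suffix and base not in SUFFIXED:
            problems.append(f"{base} does not take an opt suffix")
        elif base == "TST":
            problems.append("TST marks a test policy; browsers must ignore it")
    return problems


def p3p_header(cp, policyref="/w3c/p3p.xml"):
    """Build the P3P response header; refuse to emit an invalid policy."""
    problems = validate_compact_policy(cp)
    if problems:
        raise ValueError("; ".join(problems))
    return f'P3P: policyref="{policyref}", CP="{cp}"'


def policy_reference_xml(policy_uri="/w3c/policy.xml#shop", include=("/*",)):
    """Policy reference file for /w3c/p3p.xml, mapping URIs to the full policy."""
    includes = "".join(f"      <INCLUDE>{path}</INCLUDE>\n" for path in include)
    return ('<META xmlns="http://www.w3.org/2002/01/P3Pv1">\n'
            '  <POLICY-REFERENCES>\n'
            f'    <POLICY-REF about="{policy_uri}">\n'
            f'{includes}'
            '    </POLICY-REF>\n'
            '  </POLICY-REFERENCES>\n'
            '</META>\n')


if __name__ == "__main__":
    cp = compact_policy(INVENTORY)
    print(p3p_header(cp))
    print(policy_reference_xml())
```

Two points worth keeping in mind when you deploy this: the compact policy must say the same thing as the full XML policy and the human-readable statement, because a browser that later fetches the full policy will otherwise see a contradiction; and Internet Explorer 6 evaluates the compact policy on responses that set cookies, so the header has to be present on every such response, not only on the home page.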

For more information take a look at the definitive book on P3P—Web Privacy with P3P by Dr. Lorrie Faith Cranor (O'Reilly, 2002). Also see the Security Developer Center.