Getting started
Use the P3P Policy Editor to create a privacy policy for your
Web site that can be interpreted by user agents, such as Web browsers,
that support P3P.
While you are working on your policy, the editor
checks for conformance with the P3P specification and
displays policy errors and warnings on the
Errors tab.
- An error is generated when information required by the P3P
specification is not present.
- A warning is generated when information recommended by the
P3P specification is not present.
Warnings are also generated for situations which are commonly
caused by misunderstandings of the P3P specification, such as a
policy that claims that the site collects absolutely no data.
To create a P3P policy without errors,
define global properties for the policy and declare data elements
by moving them into one or more data groups.
When a data element or data set is moved into a data group, it is declared
as part of the policy and known as a policy element.
When the P3P Policy Editor is first started, a quick start menu is displayed
that allows you to work from a blank policy, choose one of the supplied templates,
or to edit an existing policy.
- If you select the blank policy, you will have to define
global policy properties, data group properties, and declare data elements
in a data group.
- If you select a template, many data groups are already defined with
data elements declared. You still have to define global properties for
these policies. See
Templates help for more information about
each of the templates.
If you choose to disable the quick start menu,
the editor loads a blank P3P policy at startup.
This section demonstrates some of the capabilities of the editor by showing
you how to modify a blank policy and save it without errors.
If you have already made changes in the editor since opening it,
click File
New
to start with a blank policy.
- Select the Errors tab
in the Your Policy pane of the main
editor window.
This tab displays a list of policy errors and policy warnings.
- Click Policy
Policy Properties .
The P3P Privacy Policy Properties panel is displayed.
This panel is used to set global properties for the policy.
- Enter the Organization name .
- Enter at least one type of contact information (e-mail address,
phone number, or mailing address).
- Click the Web sites
tab and enter
the URL of human-readable privacy policy .
This is the location where users can read about the data
your organization collects and how it is used.
- Select the Assurances tab.
This tab lists services or procedures that you set up
to assure users that your organization's stated privacy policy
is monitored or verified.
- Click Add .
The Dispute Properties panel is displayed.
This panel is for adding or modifying
a dispute resolution service or procedure.
- Enter the URL of the
customer service or independent organization Web page,
or the URL that contains information about the relevant court or applicable law
used to assure that the privacy policy is followed.
- Click OK to close the Disputes Properties panel.
- Click OK to close the P3P Privacy Policy
Properties panel.
- In the Groups pane of the main editor window,
right-click the New Group object and select
Properties from the context menu.
The Group Properties panel is displayed.
Groups are used to specify the purpose and recipient of one or more
data elements.
- Select the Purpose tab and check one or
more items that describe why the data is being collected.
- Select the Recipient tab and select one
or more recipients of the data.
- Click OK to close the window.
- In the Data Elements pane of the main editor
window, select a data set or data element to copy into your group.
Each group must contain a data set or element that describes the data
that you collect at your Web site. You can copy the data element by
dragging it into the group with your mouse or by clicking
.
When you copy data to a group, the data element appears under the
Policy Elements tab in the
Your Policy pane.
- Select the Errors tab
in the Your Policy pane.
The contents should be empty.
If not, click Policy
Refresh Policy .
- Click File
Save Policy As and save your policy with a .p3p
extension. You can also save your policy with a .xml
extension for Web servers that are not configured to recognize P3P files.
Now you have just generated your first P3P privacy policy without errors or
warnings. However, this policy does not reflect your organization's practices
for collecting and using data from users
or describe the type of data being collected.
For information about setting up a privacy policy that corresponds to your
organizations published policy, see the following topics: