Planning your policy

This section describes the information that you need to gather to create a P3P privacy policy that corresponds with your organization's data collection and use policies. Your organization might already have a statement of privacy practices published at your Web site. If so, the statement can be a good source of information for your privacy policy. If not, reviewing the privacy statements of other Web sites might help you get started.

Organization

A P3P policy must provide the legal name of the business or organization making the claims in the privacy policy. The policy must also include information describing how the organization can be contacted and the URL of your organization's human-readable privacy policy. This privacy policy is published on your Web site for people to read and is not the same as the privacy policy that the editor creates. You might not have a human-readable policy at this time, but you can reserve a URL for the policy, as long as it is published before you implement your machine-readable policy. As you create your privacy policy, the editor creates a primitive, HTML-formatted policy that you can use as the source for writing your own privacy statement. This information is required.

Assurances

This information describes how disputes or violations of your organization's privacy practices can be resolved. This helps assure visitors at your Web site that your privacy policy is monitored, verified, or supported by resolution procedures. Many Web sites employ a third party service with a privacy seal to verify their stated privacy claims. Your organization can also set up a customer service department or may follow certain legal guidelines to assure privacy. Determine all of the procedures that you follow - you can list more than one dispute procedure or service. Assurances are recommended but not required.

For a third party verification service or customer service department, you must include contact information. Also determine the service's URL, description, and the URL for the service's verification certificate. Examples of a third party verification service include Truste (http://www.truste.org/) or BBBOnLine (http://www.bbbonline.org/).

Data collection and use

A P3P policy should contain at least one data group stating the kind of information or data gathered at a Web site, why it is gathered, and who receives the data. Determine all of the data collected at your Web site. This might include access logs, cookies, and data collected from forms and Web applications.

Each type of data collected at your site is represented in the policy as a data element. Many data elements are already defined by the P3P base data schema. The base data schema is composed of four data sets:

Dynamic data
Information that does not have a fixed value. Includes elements that are dynamically generated in the course of a user's browsing session, such as the list of URLs requested by the user (click-stream data), browser information, search text, and cookies.
User information
Information that users might provide about themselves, such as their name or address.
Third-party individual information
Information about a related third party (for example, emergency contact information, job references, or a gift recipient's shipping address).
Business information
Information about a business or organization.

If you collect data that is not covered by the base data schema, you need to create a new data element.

Using data categories

Another way your policy can describe the data that is collected is by using data categories. A data element can be assigned to a data category to give users and user agents additional hints about the type of information that is collected at the Web site. The P3P specification includes a set of base data categories from which you can choose, or you can specify a unique data category. The P3P editor displays a data element for each category under the Broad categories data set. P3P-compliant user agents can be developed to interpret the base data categories and allow users to set their preferences based on these categories.

Using the base categories simplifies the process of writing a P3P policy by allowing you to aggregate your data into generic data elements rather than having to declare every specific piece of information that you collect. For example, your policy could state that you collect a user's name, street, city, state or province, postal code, and telephone number. If you use all of this information for the same purpose and provide it to the same recipient, you could declare a single data element under the Physical contact information category, thereby declaring one data element rather than six.

Planning for new data elements

You can create data sets that represent specialized types of information collected at your Web site. For example, suppose you are working for a company that collects credit card information for secure, online purchases and stores that information so that the user does not have to re-enter it when they return to the Web site for another purchase. You can build a specialized data set using the following schema:

Data set:
credit
Data elements:
credit.company
credit.number
credit.expiration

Data element names can be used in your Web applications and forms that can read and process P3P syntax. See Creating new data elements for more information.

Data groups

After you have determined the data elements you need in your policy, arrange the data elements into one or more data groups. When a data element or data set is moved into a data group, it is declared as part of the policy and known as a policy element. Data groups in a policy are distinguished by what the data is used for (purpose) and who uses the data (recipients). For example, a portal might collect user name and password data for the purpose of customizing pages for site users and make the information available only to the Web site administrators. All data collected for the same purpose and recipient is declared in the same data group. Data can be declared in more than one data group.

At least one data group is required. Each data group creates a <STATEMENT> element prescribed by the P3P specification.
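The grouping rule above, as an added example that is not part of the original documentation or of the P3P editor: a short Python script that sorts a data inventory into one <STATEMENT> per purpose and recipient pair. The inventory is constructed, the element and vocabulary names follow the P3P 1.0 specification, and the retention value is an assumption because this page does not cover retention.

```python
import xml.etree.ElementTree as ET

# Purpose and recipient vocabularies of the P3P 1.0 specification.
PURPOSES = {"current", "admin", "develop", "tailoring", "pseudo-analysis",
            "pseudo-decision", "individual-analysis", "individual-decision",
            "contact", "historical", "telemarketing", "other-purpose"}
RECIPIENTS = {"ours", "delivery", "same", "other-recipient", "unrelated",
              "public"}

# Constructed inventory: (base data schema element, purpose, recipient).
COLLECTED = [
    ("user.login.id", "tailoring", "ours"),
    ("user.login.password", "tailoring", "ours"),
    ("dynamic.clickstream", "admin", "ours"),
    ("dynamic.cookies", "admin", "ours"),
    ("user.login.id", "admin", "ours"),  # same element, second data group
]


def build_statements(collected, retention="stated-purpose"):
    """Return one STATEMENT element per (purpose, recipient) pair.

    retention is an assumed default; set it to match your own practice.
    """
    groups = {}
    for ref, purpose, recipient in collected:
        if purpose not in PURPOSES:
            raise ValueError(f"unknown purpose for {ref}: {purpose}")
        if recipient not in RECIPIENTS:
            raise ValueError(f"unknown recipient for {ref}: {recipient}")
        refs = groups.setdefault((purpose, recipient), [])
        if ref not in refs:  # ignore duplicates within one data group
            refs.append(ref)
    statements = []
    for (purpose, recipient), refs in groups.items():
        stmt = ET.Element("STATEMENT")
        ET.SubElement(ET.SubElement(stmt, "PURPOSE"), purpose)
        ET.SubElement(ET.SubElement(stmt, "RECIPIENT"), recipient)
        ET.SubElement(ET.SubElement(stmt, "RETENTION"), retention)
        data_group = ET.SubElement(stmt, "DATA-GROUP")
        for ref in refs:
            ET.SubElement(data_group, "DATA", ref="#" + ref)
        statements.append(stmt)
    return statements


if __name__ == "__main__":
    for stmt in build_statements(COLLECTED):
        print(ET.tostring(stmt, encoding="unicode"))
```

An inventory entry whose purpose or recipient is not in the vocabulary raises an error instead of producing a statement, which catches items whose use has not been decided during planning.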

For more information about data groups and data elements, see Declaring data.

Before you declare data in your policy, set the global properties of your privacy policy.

Using templates

Before you create your policy, review some of the templates supplied by the editor. One of the templates might give you a quick start. To open a template, click File --> Open Template and choose one of the available templates. A brief description of each template is available in the Templates Help.

Saving your work

Changes that you make in a policy (using either a template, blank, or existing policy) are not written to disk until you explicitly save these changes. To save any changes you make in the P3P editor, click File --> Save Policy. If you have been working with a blank policy, you are prompted for the file name of the new policy that you are saving.

Multiple policies

If different portions of your organization's Web site have different practices for data collection and use, consider publishing more than one privacy policy. For example, you could have one policy that applies to the general data collection practices of the entire Web site and a specialized policy that applies to an online transaction service.

The P3P specification allows you to combine multiple policies into a single file. Each policy in the file must be contained within a single POLICIES element and include the Policy name. However, the P3P Editor does not support files containing multiple policies.