Difference between revisions of "How To Privacy Policy"

From WOT Wiki
(Section removed. Not related to PII)
m (Cookies and Tracking Cookies)
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Your Privacy Statement ==
+
==Your Privacy Statement==
  
describes how you handle information about the visitors of your website. You have to make a clear statement describing how each bit of data you gather is used.
+
describes how you handle information about the visitors of your website. You have to make a clear statement describing how each bit of data you gather is used. You should have a privacy policy if:
 +
* You set [http://en.wikipedia.org/wiki/HTTP_cookies|HTTP Cookies]
 +
* Use [[Web Bug|Web Bugs]] (Tracking)
 +
* Use Flash and it stores [[Local_shared_object | LSOs]] (Flash Cookies)
 +
* Collect any [[Personally_Identifiable_Information (PII) | Personal Identifiable Information]]
 +
* Collect any information from children
  
 +
Please review the [[Privacy_Policy]] page for further reference.
  
===HTTP Cookies===
+
==Samples and Helpful Links==
 +
For a sample privacy policy you may take a look at the [http://www.mywot.com/en/privacy WOT privacy policy].
  
The most common thing that affects privacy are HTTP Cookies. A Cookie is a piece of text that a website stores on your computer. Basically it allows the website to recognize you. Cookies are an essential part of the internet and a lot of pages use them. If you use them, you should tell the users about them and add a Cookie policy.
+
For help in creating your own privacy policy, [http://www.dmaresponsibility.org/PPG/ The Direct Marketing Association] has some good advice as well as a free, online privacy policy generator.
For a detailed description of cookies [http://en.wikipedia.org/wiki/HTTP_cookies| look here]
 
  
 +
Other references:
  
===Cookie policy===
+
* [http://www.ftc.gov/reports/privacy3/fairinfo.shtm Fair Information Practice Principles]
 +
* [http://www.networkadvertising.org Network Advertising Initiative]
 +
* [https://www.eff.org/wp/osp EFF - Best Practices for Online Service Providers]
 +
* [https://www.bbbonline.org/privacy/sample_privacy.asp BBBonline - Sample Privacy Notice]
 +
* [http://www.enotes.com/everyday-law-encyclopedia/deceptive-trade-practices Deceptive Trade Practices]
 +
* [http://www.businesslink.gov.uk/bdotg/action/detail?itemId=1076142085&type=RESOURCES IT & e-commerce Section UK Government]
  
A cookie policy is usually part of the privacy policy. It's addressed within it's own section (normally a paragraph) which states what type of cookies are used: session or persistent.
 
  
* Session Cookies:    Not stored on disk, only last as long the browser is open
+
==Information Sharing and Disclosure==
* Persistent Cookies: Stored on disk, last a specified time, possibly indefinitely
 
  
Your site should offer as few cookies as possible, preferably none. Widgets, advertising, and other third-party interventions may causes your site to drop more cookies on to your visitors computers. When you do use scripts, or browser bars, or social networking link "buttons", etc you should address these in your cookie policy and offer explicit links to the other privacy policies available on these outside sources.
+
If you collect any [[Personally_Identifiable_Information_(PII)|Personal Identifiable Information]], you need to tell the customer what you will do with it (e.g. whether you will share it with 3rd parties).  
  
When using third-party advertising such as Google or DoubleClick, reference their usage and include the appropriate links. Google is just one example of many advertising sites.  
+
You must ensure their safety and not rent, sell, or share personal information with other people/companies. You may state exceptions to this, e.g. to share the address of a customer with a delivery service.
  
[http://www.doubleclick.com/privacy/faq.aspx| DoubleClick DART cookie]
 
  
[https://www.google.com/adsense/support/bin/answer.py?answer=100557| Google Adsense]
+
==Cookies and Tracking Cookies==
  
[http://www.google.com/privacy_ads.html| Google Advertising and Privacy]
+
Please tell the user what cookies are and why you set them.
 +
If cookies not belonging to your site are set, e.g. by advertisement companies or usage trackers, list them and provide a link to the privacy statement of the third-party company.
  
 +
Please note that the following texts are just examples, you need to change them according to your usage of cookies/advertisers/trackers ...
  
===Tracking===
+
'''Example Cookies:'''
 +
: "A cookie is a piece of text stored by your web browser on your computer. We use it to remember and process the items in your shopping cart, track your preferences for future visits, to access your information when you sign in so we can provide you with your personalized content, to display the most appropriate advertisements, compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future."
  
A cookie policy should also mention whether the site uses any third-party trackers: Google Analytics and Quantserve are two popular ones. Tracking may also be done by using [http://en.wikipedia.org/wiki/Web_beacons| web beacons] (web bug, tracking bug, tracking pixel, pixel tag, 1×1 gif, clear gif) This should be explicitly mentioned in your privacy policy if your site uses this technology.  
+
'''Example Advertising Cookies:'''
 +
: "We use services provided by other companies to show advertisements on some of our pages. These other companies set and access their own cookies and their use of them is subject to their own privacy policies. Advertisers or other companies do not have access to our cookies. This is a list of all third-party companies that set cookies: ..."
 +
 
 +
'''Example Tracking Cookies:'''
 +
: "We use services provided by other companies to track the usage of our page. These other companies set and access their own cookies and their use of them is subject to their own privacy policies. These companies do not have access to our cookies. This is a list of all third-party companies that set tracking cookies: ..."
  
  
 
===How do I find if and which cookies my page sets?===
 
===How do I find if and which cookies my page sets?===
  
An easy way to get a list of all cookies that your webpage sets is to use Firefox privacy mode. How to browse privately? [http://support.mozilla.com/en-US/kb/Private+Browsing#Turn_on_Private_Browsing| Look here].
+
An easy way to get a list of all cookies that your web page sets is to use Firefox privacy mode. How to browse privately? [http://support.mozilla.com/en-US/kb/Private+Browsing#Turn_on_Private_Browsing| Look here].
 
 
 
After starting private browsing mode, enter the url of your site and go to it. Click a bit around, but don't leave your site!
 
After starting private browsing mode, enter the url of your site and go to it. Click a bit around, but don't leave your site!
  
Now lets take a look at what cookies were set. Click Tools menu -> Options -> Privacy and choose "remove individual cookie". In this window you see all cookies that your page has set, including those set by external content.  
+
After doing that: Click Tools menu -> Options -> Privacy and choose "remove individual cookie". In this window you see all cookies that your page has set, including those set by external content.
 
 
Please explain what purpose the cookies you set have. In case cookies, which do not belong to your site are set, explain them too. If you use some kind of advertisement, chances are high that they set cookies. Take the relevant part of the privacy information of the ad company and add it to your cookie statement.
 
 
 
 
 
===Do you use Flash?===
 
 
Flash uses something called [http://en.wikipedia.org/wiki/Local_Shared_Object| Local Shared Objects] to store information on your computer. They are also referred to as "zombie" or "super" cookies. Quoting from Adobe:
 
 
 
<blockquote>Local shared objects, sometimes referred to as "Flash cookies," are data files that can be created on your computer by the sites you visit. Shared objects are most often used to enhance your web-browsing experience. A website can write a cookie on your computer, and the next time you visit it will load that cookie and its information in a way that provides a more customized experience. For example, you may have asked a site to remember your login name. That information is stored in the cookie and retrieved on your next visit so that the website displays your name in the login field on the site.</blockquote>
 
 
 
The interesting thing about LSO's are that when you delete your cookie cache, the LSO is able to rewrite the cookie. This causes the LSO to be used not only for tracking, but for spyware as well. The only time your site should use Adobe Flash LSO's are when you have created Flash files (.SWF / .FLV) to share with your visitors and these local stored objects should not be abused with the intent on spying upon your site visitors.
 
 
 
For more information [[Local_shared_object| look here]]
 
 
 
 
 
===Children's Online Privacy Protection Act.===
 
 
 
For sites hosted within the USA, or on US servers it is required to adhere to COPPA and if so, it should also be referenced within your site's privacy policy.
 
 
 
Websites that are collecting information from children under the age of thirteen are required to comply with Federal Trade Commission ( FTC ) Children's Online Privacy Protection Act (COPPA).
 
 
 
    [http://www.coppa.org/| COPPA - Children's Online Privacy Protection Act]     
 
    [http://www.ftc.gov/privacy/privacyinitiatives/childrens.html| The Children's Online Privacy Protection Act]
 
 
 
 
 
===Do people enter any information?===
 
 
 
It basically doesn't matter what kind of information you collect. Whether you have a shop and store orders and addresses or something else, you should tell users what you store, for how long and how you use it. Be honest and try to be complete.
 
 
 
These links might be helpful
 
[http://www.ftc.gov/infosecurity/| Federal Trade Commission's Guide for Business]
 
[http://www.oecd.org/document/39/0,2340,en_2649_34255_28863271_1_1_1_1,00.html| OECD Privacy Statement Generator]
 
[http://www.the-dma.org/privacy/creating.shtml| OECD Direct Marketing Association Privacy Policy Generator]
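Review bot: the first bullet of the new intro list writes its external link with a pipe, [http://en.wikipedia.org/wiki/HTTP_cookies|HTTP Cookies]. MediaWiki external links separate URL and label with a space, so here the pipe and the first word of the label become part of the link target; write it as [http://en.wikipedia.org/wiki/HTTP_cookies HTTP Cookies]. The same list now gives "Collect any information from children" as a reason to have a policy, but that bullet has no link and the COPPA section is absent from the latest revision, so link the bullet to a page that covers it or keep one sentence of guidance. The session/persistent cookie definitions are also absent from the latest revision, and the new "Cookies and Tracking Cookies" section does not say where a policy author should state cookie lifetime.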
 

Latest revision as of 20:29, 27 August 2012

Your Privacy Statement

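Your privacy statement describes how you handle information about the visitors of your website. You have to make a clear statement describing how each bit of data you gather is used. You should have a privacy policy if you:

* Set HTTP cookies
* Use web bugs (tracking)
* Use Flash and it stores LSOs (Flash cookies)
* Collect any Personally Identifiable Information (PII)
* Collect any information from children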

Please review the Privacy_Policy page for further reference.

Samples and Helpful Links

For a sample privacy policy, take a look at the WOT privacy policy (http://www.mywot.com/en/privacy).

For help in creating your own privacy policy, The Direct Marketing Association (http://www.dmaresponsibility.org/PPG/) has some good advice as well as a free, online privacy policy generator.

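Other references:

* Fair Information Practice Principles (http://www.ftc.gov/reports/privacy3/fairinfo.shtm)
* Network Advertising Initiative (http://www.networkadvertising.org)
* EFF - Best Practices for Online Service Providers (https://www.eff.org/wp/osp)
* BBBonline - Sample Privacy Notice (https://www.bbbonline.org/privacy/sample_privacy.asp)
* Deceptive Trade Practices (http://www.enotes.com/everyday-law-encyclopedia/deceptive-trade-practices)
* IT & e-commerce Section UK Government (http://www.businesslink.gov.uk/bdotg/action/detail?itemId=1076142085&type=RESOURCES)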


Information Sharing and Disclosure

If you collect any Personally Identifiable Information, you need to tell the customer what you will do with it (e.g. whether you will share it with third parties).

You must keep personal information safe and not rent, sell, or share it with other people or companies. You may state exceptions to this, e.g. sharing a customer's address with a delivery service.


Cookies and Tracking Cookies

Please tell the user what cookies are and why you set them. If cookies not belonging to your site are set, e.g. by advertisement companies or usage trackers, list them and provide a link to the privacy statement of the third-party company.

Please note that the following texts are just examples; you need to adapt them to your own use of cookies, advertisers, trackers and so on.

Example Cookies:

"A cookie is a piece of text stored by your web browser on your computer. We use it to remember and process the items in your shopping cart, track your preferences for future visits, to access your information when you sign in so we can provide you with your personalized content, to display the most appropriate advertisements, compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future."

Example Advertising Cookies:

"We use services provided by other companies to show advertisements on some of our pages. These other companies set and access their own cookies and their use of them is subject to their own privacy policies. Advertisers or other companies do not have access to our cookies. This is a list of all third-party companies that set cookies: ..."

Example Tracking Cookies:

"We use services provided by other companies to track the usage of our page. These other companies set and access their own cookies and their use of them is subject to their own privacy policies. These companies do not have access to our cookies. This is a list of all third-party companies that set tracking cookies: ..."


How do I find if and which cookies my page sets?

An easy way to get a list of all cookies that your web page sets is to use Firefox's private browsing mode (for how to turn it on, see http://support.mozilla.com/en-US/kb/Private+Browsing#Turn_on_Private_Browsing). After starting private browsing mode, enter the URL of your site and go to it. Click around a bit, but don't leave your site!

After doing that, click Tools menu -> Options -> Privacy and choose "remove individual cookie". In this window you see all cookies that your page has set, including those set by external content.
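The same inventory can be built from captured response headers rather than read off the Firefox cookie window, which also shows who set each cookie and how long it lives. The Python below is an added example, not part of the wiki page; the host names, cookie values and the `CAPTURED` input are constructed, and the first-party check is a plain suffix match on an assumed site name.

```python
from urllib.parse import urlsplit

SITE = "shop.example"  # assumption: the site whose policy is being written

# Constructed sample: (response URL, Set-Cookie header value) pairs, as they
# could be copied from the browser's network log after a private-mode visit.
CAPTURED = [
    ("https://www.shop.example/", "sid=abc123; Path=/; HttpOnly; Secure"),
    ("https://www.shop.example/cart", "prefs=lang-en; Max-Age=31536000; Path=/"),
    ("https://ads.example.net/pixel.gif",
     "uid=778899; Expires=Wed, 21 Oct 2037 07:28:00 GMT; Domain=.example.net"),
    ("https://stats.example.org/collect", "_v=1; Max-Age=0"),
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:  # skip the empty piece left by a trailing ';'
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def is_first_party(host, site=SITE):
    # Simplification: exact or subdomain match; a full check would compare
    # registrable domains using the Public Suffix List.
    return host == site or host.endswith("." + site)

def inventory(captured, site=SITE):
    """Return one row per stored cookie: who set it and how long it lives."""
    rows = []
    for url, header in captured:
        host = urlsplit(url).hostname
        name, attrs = parse_set_cookie(header)
        if attrs.get("max-age") == "0":
            continue  # Max-Age=0 deletes a cookie, so nothing is stored
        persistent = "max-age" in attrs or "expires" in attrs
        rows.append({"cookie": name, "set_by": host,
                     "party": "first-party" if is_first_party(host, site) else "third-party",
                     "lifetime": "persistent" if persistent else "session"})
    return rows

if __name__ == "__main__":
    for row in inventory(CAPTURED):
        print("{cookie:8} {set_by:20} {party:12} {lifetime}".format(**row))
```

Every third-party row is a company whose privacy statement the cookie section should link to.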