|
|
| Line 1: |
Line 1: |
| | == Your Privacy Statement == | | == Your Privacy Statement == |
| | | | |
| − | describes how you handle information about the visitors of your website. You have to make a clear statement describing how each bit of data you gather is used. | + | describes how you handle information about the visitors of your website. You have to make a clear statement describing how each bit of data you gather is used. You should have a privacy policy if: |
| − | | + | * You set [http://en.wikipedia.org/wiki/HTTP_cookies|HTTP Cookies] |
| − | | + | * Use Web Bugs (Tracking) |
| − | ===HTTP Cookies===
| + | * Use Flash |
| − | | + | * Collect any Personal Identifiable Information |
| − | The most common thing that affects privacy are HTTP Cookies. A Cookie is a piece of text that a website stores on your computer. Basically it allows the website to recognize you. Cookies are an essential part of the internet and a lot of pages use them. If you use them, you should tell the users about them and add a Cookie policy.
| + | * Collect any information from children |
| − | For a detailed description of cookies [http://en.wikipedia.org/wiki/HTTP_cookies| look here]
| |
| − | | |
| − | | |
| − | ===Cookie policy===
| |
| − | | |
| − | A cookie policy is usually part of the privacy policy. It's addressed within it's own section (normally a paragraph) which states what type of cookies are used: session or persistent.
| |
| − | | |
| − | * Session Cookies: Not stored on disk, only last as long the browser is open | |
| − | * Persistent Cookies: Stored on disk, last a specified time, possibly indefinitely | |
| − | | |
| − | Your site should offer as few cookies as possible, preferably none. Widgets, advertising, and other third-party interventions may causes your site to drop more cookies on to your visitors computers. When you do use scripts, or browser bars, or social networking link "buttons", etc you should address these in your cookie policy and offer explicit links to the other privacy policies available on these outside sources.
| |
| − | | |
| − | When using third-party advertising such as Google or DoubleClick, reference their usage and include the appropriate links. Google is just one example of many advertising sites.
| |
| − | | |
| − | [http://www.doubleclick.com/privacy/faq.aspx| DoubleClick DART cookie]
| |
| − | | |
| − | [https://www.google.com/adsense/support/bin/answer.py?answer=100557| Google Adsense]
| |
| − | | |
| − | [http://www.google.com/privacy_ads.html| Google Advertising and Privacy]
| |
| − | | |
| − | | |
| − | ===Tracking===
| |
| − | | |
| − | A cookie policy should also mention whether the site uses any third-party trackers: Google Analytics and Quantserve are two popular ones. Tracking may also be done by using [http://en.wikipedia.org/wiki/Web_beacons| web beacons] (web bug, tracking bug, tracking pixel, pixel tag, 1×1 gif, clear gif) This should be explicitly mentioned in your privacy policy if your site uses this technology.
| |
| | | | |
| | + | For a detailed explanation of these things: [[Privacy_Policy|Look here]] |
| | | | |
| | ===How do I find if and which cookies my page sets?=== | | ===How do I find if and which cookies my page sets?=== |
| | | | |
| | An easy way to get a list of all cookies that your webpage sets is to use Firefox privacy mode. How to browse privately? [http://support.mozilla.com/en-US/kb/Private+Browsing#Turn_on_Private_Browsing| Look here]. | | An easy way to get a list of all cookies that your webpage sets is to use Firefox privacy mode. How to browse privately? [http://support.mozilla.com/en-US/kb/Private+Browsing#Turn_on_Private_Browsing| Look here]. |
| − |
| |
| | After starting private browsing mode, enter the url of your site and go to it. Click a bit around, but don't leave your site! | | After starting private browsing mode, enter the url of your site and go to it. Click a bit around, but don't leave your site! |
| | | | |
| − | Now lets take a look at what cookies were set. Click Tools menu -> Options -> Privacy and choose "remove individual cookie". In this window you see all cookies that your page has set, including those set by external content. | + | Now let's find out which cookies were set. Click Tools menu -> Options -> Privacy and choose "remove individual cookie". In this window you see all cookies that your page has set, including those set by external content. |
| − | | |
| − | Please explain what purpose the cookies you set have. In case cookies, which do not belong to your site are set, explain them too. If you use some kind of advertisement, chances are high that they set cookies. Take the relevant part of the privacy information of the ad company and add it to your cookie statement.
| |
| − | | |
| − | | |
| − | ===Do you use Flash?===
| |
| − |
| |
| − | Flash uses something called [http://en.wikipedia.org/wiki/Local_Shared_Object| Local Shared Objects] to store information on your computer. They are also referred to as "zombie" or "super" cookies. Quoting from Adobe:
| |
| − | | |
| − | <blockquote>Local shared objects, sometimes referred to as "Flash cookies," are data files that can be created on your computer by the sites you visit. Shared objects are most often used to enhance your web-browsing experience. A website can write a cookie on your computer, and the next time you visit it will load that cookie and its information in a way that provides a more customized experience. For example, you may have asked a site to remember your login name. That information is stored in the cookie and retrieved on your next visit so that the website displays your name in the login field on the site.</blockquote>
| |
| − | | |
| − | The interesting thing about LSO's are that when you delete your cookie cache, the LSO is able to rewrite the cookie. This causes the LSO to be used not only for tracking, but for spyware as well. The only time your site should use Adobe Flash LSO's are when you have created Flash files (.SWF / .FLV) to share with your visitors and these local stored objects should not be abused with the intent on spying upon your site visitors.
| |
| − | | |
| − | For more information [[Local_shared_object| look here]]
| |
| − | | |
| − | | |
| − | ===Children's Online Privacy Protection Act.===
| |
| − | | |
| − | For sites hosted within the USA, or on US servers it is required to adhere to COPPA and if so, it should also be referenced within your site's privacy policy.
| |
| − | | |
| − | Websites that are collecting information from children under the age of thirteen are required to comply with Federal Trade Commission ( FTC ) Children's Online Privacy Protection Act (COPPA).
| |
| − | | |
| − | [http://www.coppa.org/| COPPA - Children's Online Privacy Protection Act]
| |
| − | [http://www.ftc.gov/privacy/privacyinitiatives/childrens.html| The Children's Online Privacy Protection Act]
| |
| | | | |
| | + | Please explain what purpose the cookies you set have. In case cookies, which do not belong to your site are set, explain them too. If you use some kind of advertisement, chances are high that they set cookies. Take the relevant part of the privacy information of the ad company and add it to your cookie statement or link to the privacy statement of those companys. |
| | | | |
| − | ===Do people enter any information?===
| + | For sample privacy policy's you may take a look at the [http://www.mywot.com/de/privacy| WOT privacy policy]. You find other samples here: |
| − |
| |
| − | It basically doesn't matter what kind of information you collect. Whether you have a shop and store orders and addresses or something else, you should tell users what you store, for how long and how you use it. Be honest and try to be complete.
| |
| | | | |
| − | These links might be helpful
| + | [http://www.businesslink.gov.uk/bdotg/action/detail?itemId=1076142085&type=RESOURCES| IT & e-commerce Section UK Government] |
| − | [http://www.ftc.gov/infosecurity/| Federal Trade Commission's Guide for Business] | |
| − | [http://www.oecd.org/document/39/0,2340,en_2649_34255_28863271_1_1_1_1,00.html| OECD Privacy Statement Generator]
| |
| − | [http://www.the-dma.org/privacy/creating.shtml| OECD Direct Marketing Association Privacy Policy Generator]
| |
Your Privacy Statement
describes how you handle information about the visitors of your website. You have to make a clear statement describing how each bit of data you gather is used. You should have a privacy policy if:
- You set Cookies
- Use Web Bugs (Tracking)
- Use Flash
- Collect any Personal Identifiable Information
- Collect any information from children
For a detailed explanation of these things: Look here
How do I find if and which cookies my page sets?
An easy way to get a list of all cookies that your webpage sets is to use Firefox privacy mode. How to browse privately? Look here.
After starting private browsing mode, enter the url of your site and go to it. Click a bit around, but don't leave your site!
Now let's find out which cookies were set. Click Tools menu -> Options -> Privacy and choose "remove individual cookie". In this window you see all cookies that your page has set, including those set by external content.
Please explain what purpose the cookies you set have. In case cookies, which do not belong to your site are set, explain them too. If you use some kind of advertisement, chances are high that they set cookies. Take the relevant part of the privacy information of the ad company and add it to your cookie statement or link to the privacy statement of those companys.
For sample privacy policy's you may take a look at the WOT privacy policy. You find other samples here:
IT & e-commerce Section UK Government
