p3ptoolbox.org

Version 1.0

The P3P Implementation Guide

By Laurel Jamtgaard* and the Internet Education Foundation
Property of the Internet Education Foundation and the World Wide Web Consortium

*Laurel Jamtgaard is an attorney and privacy consultant living in Menlo Park, California. Ms. Jamtgaard coordinated the implementation of P3P at Angara E-Commerce Services, while serving as the company's Chief Privacy Officer and General Counsel. She is an author and speaker on topics of privacy, copyright and other information policy issues.

Abstract

This is a guide to help organizations incorporate the Platform for Privacy Preferences (P3P) into their Web site(s). It describes the tasks and resources required and gives guidance on how best to manage and execute the implementation.

NOTE: There are significant legal issues involved with publishing a privacy policy, whether in human-readable or P3P format. Although various legal issues may be discussed in this guide, it should not be considered a substitute for legal advice.

Status of this document

Please note that this is a working draft of the Implementation Guide and is subject to revisions and corrections. Revised versions of this document will be distributed for circulation on an as-needed basis. Updates on this document and the final version of the Implementation Guide will be provided on http://www.p3ptoolbox.org.

Acknowledgements

The author would like to thank the staff of the Internet Education Foundation, the World Wide Web Consortium and the following individual reviewers and contributors: Lorrie Cranor, Jeff Nichols, Giles Hogben, Rigo Wenning, Ari Schwartz, Greg Hampson, Rebecca Richards, and Brooks Dobbs for their generous assistance.

Table of Contents

  1. Introduction
  2. Why implement P3P?
    1. Distinguishing Data Privacy
    2. Data Privacy is a Widespread & Tangible Issue
      1. Consumers are Looking for a Change
      2. Businesses are Seeking Consumer Trust
      3. The Technology Infrastructure is Evolving with Privacy in Mind
      4. Governments are Engaged
      5. International Community Standards Have Emerged
    3. Implementing P3P Makes Sense from Many Perspectives
  3. What is P3P and How Does it Work?
    1. The Basics of P3P
    2. What P3P is and What It is Not
    3. P3P User Agents in Action
  4. Preparing for the P3P Implementation
    1. Implement a Human Readable Privacy Policy
    2. Assemble the P3P Project Team
    3. Audit the Web Site for the P3P Implementation
    4. Decide How Many P3P Policies to Create
    5. Do Your P3P Homework
      1. Describing Data Collected on the Site
      2. Categorize the Purposes for which Your Organization Collects and Uses Information
      3. Categorize the Recipients of Information You Collect
      4. Clarify "opt-in" and "opt-out" Options Available to Your Web Site Visitors
  5. Creating, Testing and Deploying P3P Files
    1. Information to Have at Hand Before Starting to Generate P3P Policies
    2. Create P3P files with a P3P Policy Generator Tool
    3. Review the P3P Files Created by the Generator
    4. Discussion of Cookies and P3P
    5. Create a Deployment Plan
    6. Testing P3P Files on Your System
    7. Getting Help
    8. Tracking and Maintaining P3P Policies
    9. Conclusion and Guide to Appendix
  6. Appendix
    1. Base Data Schema
    2. Cookies in Microsoft Internet Explorer 6.0
    3. Basic Cookie Operations

For more information, contact the Internet Education Foundation at 202-638-4370 or email info@p3ptoolbox.org

Please note that this document is a working draft for review and reference purposes only. Any questions or comments should be e-mailed to info@p3ptoolbox.org.