Kolb Net Works, Inc - Powerful Web Solutions

Privacy Policy Guidelines

Your privacy policy should cover the following areas and answer the following questions:

  • What personal information is gathered?
    • Personal information submitted through forms
    • IP address, browser used, referring URL and other technical information
  • How will the personal information be used?
  • Will the personal information be shared with any other company?
  • What security procedures are being used to safeguard data?
  • Is a cookie being stored on the user's system?
  • Is the user's visit being logged by the web server?
  • How can inaccurate information be changed?
  • Are third-party advertisers tracking ad views?
  • Will the user's email address be used for unsolicited email or marketing?
  • What provisions have been made for dispute resolution?

Technical Information

When a web browser requests a web page, it usually sends information about the user's web browser software (known as the user agent), the operating system being used, the IP address (so the reply can come back to the requesting computer), and sometimes the referring URL (the web page whose link sent the request). You should therefore assume that your web site will have this information available to it. The web server will almost always be logging visits, and its logs will contain the technical information described above.
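To find out what your own server actually records, you can read it off the log itself. The following is an added example, not code from this page: it assumes the server writes W3C extended format logs (the page does not name a log format), uses a constructed sample log, and goes slightly beyond the paragraph by also flagging e-mail addresses that end up in logged query strings.

```python
import re

# Fields from the W3C extended log format that carry the visitor information
# described above, mapped to the wording a privacy policy would use.
PRIVACY_FIELDS = {
    "c-ip": "IP address",
    "cs(User-Agent)": "browser and operating system (user agent)",
    "cs(Referer)": "referring URL",
    "cs(Cookie)": "cookie values",
    "cs-username": "authenticated user name",
}
EMAIL_RE = re.compile(r"[\w.+-]+(?:@|%40)[\w-]+(?:\.[\w-]+)+")

def audit_log(text):
    """Return (disclosures, warnings) for a W3C extended format log."""
    fields, seen, warnings = [], set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the field list can change mid-file
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()              # spaces inside values are logged as "+"
        if len(values) != len(fields):
            warnings.append(f"line {lineno}: field count mismatch, skipped")
            continue
        row = dict(zip(fields, values))
        # "-" means the field is enabled but empty for this request.
        seen.update(f for f in PRIVACY_FIELDS if row.get(f, "-") != "-")
        if EMAIL_RE.search(row.get("cs-uri-query", "")):
            warnings.append(f"line {lineno}: e-mail address logged in query string")
    return sorted(PRIVACY_FIELDS[f] for f in seen), warnings

# Constructed sample log (documentation IP addresses, made-up site and pages).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) cs(Referer)
2002-09-14 10:02:11 192.0.2.10 GET /default.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) http://www.example.com/links.html
2002-09-14 10:03:40 192.0.2.10 GET /contact.asp name=Pat&email=pat%40example.org 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) -
2002-09-14 10:04:02 198.51.100.7 GET /truncated.asp
"""

if __name__ == "__main__":
    disclosures, warnings = audit_log(SAMPLE_LOG)
    print("Disclose in policy:", disclosures)
    print("Warnings:", *warnings, sep="\n  ")
```

A form submitted with the GET method puts its fields in the query string, which is why the second sample request leaves an e-mail address in the log.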

Web Applications

If your web site features a web application that uses Active Server Pages (ASP) scripts, then it will be using a temporary cookie to store an identification number for the user session. The user will need to accept this cookie to use the web application, and your privacy policy should make it clear that the cookie is for that purpose. JavaScript may also be used to store a cookie on a user's system if there is a need to store a value. Your privacy policy should mention why a cookie is being used. For example, JavaScript may be used to detect the user's screen resolution so subsequent web pages can be rendered properly.

Web Forms

If your web site uses forms to gather contact information and email addresses, then you need to explain what this information will be used for, how it will be stored and kept secure, and with whom you plan to share this information. The user must also be provided with a means to change the information or request the deletion of the information. Information entered into a web form can be sent to an email address as plain text (unencrypted), stored on the web server as a text file, or inserted into a database table as a new record. If a credit card number is entered into a web form, it should never be emailed or passed along to another script unless the web site is using SSL (Secure Sockets Layer) encryption. Information stored in a database must be secured against unauthorized queries, and information stored in a text file or any other kind of file format must not be downloadable.
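One way to enforce the credit card rule in a form-to-email handler, shown as an added example that is not part of the original page. The handler name `prepare_notification` and the `arrived_over_ssl` flag are hypothetical. Because form email is plain text, this sketch is stricter than the rule above: it never places a full card number in the message, and it refuses the submission outright if it did not arrive over SSL.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_cards(text):
    """Replace card numbers with their last four digits; return (text, count)."""
    found = 0
    def repl(m):
        nonlocal found
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()                # e.g. an order or tracking number
        found += 1
        return "[card ending " + digits[-4:] + "]"
    return CANDIDATE.sub(repl, text), found

def prepare_notification(form, arrived_over_ssl):
    """Build the plain-text email body for a submitted form (hypothetical handler)."""
    body = "\n".join(f"{k}: {v}" for k, v in form.items())
    safe_body, cards = redact_cards(body)
    if cards and not arrived_over_ssl:
        raise ValueError("card number submitted without SSL; refuse and do not forward")
    return safe_body

# Constructed sample submission; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_FORM = {
    "name": "Pat Example",
    "card": "4111 1111 1111 1111",
    "order": "1234567890123456",           # fails the Luhn check, left untouched
}

if __name__ == "__main__":
    print(prepare_notification(SAMPLE_FORM, arrived_over_ssl=True))
```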

Important Considerations

1. Adoption and Implementation of a Privacy Policy

An organization engaged in online activities or electronic commerce has a responsibility to adopt and implement a policy for protecting the privacy of individually identifiable information. Organizations should also take steps that foster the adoption and implementation of effective online privacy policies by the organizations with which they interact; e.g., by sharing best practices with business partners.

2. Notice and Disclosure

An organization's privacy policy must be easy to find, read and understand. The policy must be available prior to or at the time that individually identifiable information is collected or requested.

The policy must state clearly: what information is being collected; the use of that information; possible third party distribution of that information; the choices available to an individual regarding collection, use and distribution of the collected information; a statement of the organization's commitment to data security; and what steps the organization takes to ensure data quality and access.

The policy should disclose the consequences, if any, of an individual's refusal to provide information. The policy should also include a clear statement of what accountability mechanism the organization uses, including how to contact the organization.

3. Choice/Consent

Individuals must be given the opportunity to exercise choice regarding how individually identifiable information collected from them online may be used when such use is unrelated to the purpose for which the information was collected. At a minimum, individuals should be given the opportunity to opt out of such use.

Additionally, in the vast majority of circumstances, where there is third party distribution of individually identifiable information, collected online from the individual, unrelated to the purpose for which it was collected, the individual should be given the opportunity to opt out.

Consent for such use or third party distribution may also be obtained through technological tools or opt-in.

4. Data Security

Organizations creating, maintaining, using or disseminating individually identifiable information should take appropriate measures to assure its reliability and should take reasonable precautions to protect it from loss, misuse or alteration. They should take reasonable steps to assure that third parties to which they transfer such information are aware of these security practices, and that the third parties also take reasonable precautions to protect any transferred information.

5. Data Quality and Access

Organizations creating, maintaining, using or disseminating individually identifiable information should take reasonable steps to assure that the data are accurate, complete and timely for the purposes for which they are to be used.

Organizations should establish appropriate processes or mechanisms so that inaccuracies in material individually identifiable information, such as account or contact information, may be corrected. These processes and mechanisms should be simple and easy to use, and provide assurance that inaccuracies have been corrected. Other procedures to assure data quality may include use of reliable sources and collection methods, reasonable and appropriate consumer access and correction, and protections against accidental or unauthorized alteration.
 

Sample Privacy Policies

TRUSTe has a model privacy statement that you can base your privacy policy upon.

The IBM P3P Policy Editor generates a privacy policy based upon the information you provide. You can view the test policy created for this web site.

Internet Explorer 6.0 supports the P3P (Platform for Privacy Preferences) standard. A web site provides information on its privacy policies to this browser using XML and a P3P file. To see this in action, browse to the home page of www.knwsupport.com using Internet Explorer 6.0. Select View and then Privacy Report... from the browser's menu. Highlight www.knwsupport.com in the list of web pages and click the Summary button. You should see a short summary of our privacy policy. If the browser has a problem finding the XML or P3P file, or encounters a syntax error, it will tell you it can't find a privacy policy for this web site. NOTE: Not all browsers support this standard and very few users can be expected to use this feature.

Update - Netscape 7

The new version of the Netscape browser has added support for P3P. See screen shot below.

Kolb Net Works, Inc.
334 East 4th Street
Williamsport, PA 17701

Toll Free: (866) 573-9788 Phone: (570) 326-2888
Fax: (570) 279-4111
Email: info@kolbweb.com

 

Copyright Kolb Net Works, Inc. - Web Solutions by Kolb Net Works, Inc.