ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
160 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 2a98883031
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2a98883031'
${ noResults }
server_playground/doc/www.w3.org/TR/2011/WD-app-privacy-bp-20110804/index.html

748 lines
31 KiB
Raw Blame History

<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html lang="en" dir="ltr">
<head>
<title>Web Application Privacy Best Practices</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<style type="text/css">
/*****************************************************************
* ReSpec CSS
* Robin Berjon (robin at berjon dot com)
* v0.05 - 2009-07-31
*****************************************************************/
/* --- INLINES --- */
em.rfc2119 {
text-transform: lowercase;
font-variant: small-caps;
font-style: normal;
color: #900;
}
h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
border: none;
}
dfn {
font-weight: bold;
}
a.internalDFN {
color: inherit;
border-bottom: 1px solid #99c;
text-decoration: none;
}
a.externalDFN {
color: inherit;
border-bottom: 1px dotted #ccc;
text-decoration: none;
}
a.bibref {
text-decoration: none;
}
code {
color: #ff4500;
}
/* --- WEB IDL --- */
pre.idl {
border-top: 1px solid #90b8de;
border-bottom: 1px solid #90b8de;
padding: 1em;
line-height: 120%;
}
pre.idl::before {
content: "WebIDL";
display: block;
width: 150px;
background: #90b8de;
color: #fff;
font-family: initial;
padding: 3px;
font-weight: bold;
margin: -1em 0 1em -1em;
}
.idlType {
color: #ff4500;
font-weight: bold;
text-decoration: none;
}
/*.idlModule*/
/*.idlModuleID*/
/*.idlInterface*/
.idlInterfaceID {
font-weight: bold;
color: #005a9c;
}
.idlSuperclass {
font-style: italic;
color: #005a9c;
}
/*.idlAttribute*/
.idlAttrType, .idlFieldType {
color: #005a9c;
}
.idlAttrName, .idlFieldName {
color: #ff4500;
}
.idlAttrName a, .idlFieldName a {
color: #ff4500;
border-bottom: 1px dotted #ff4500;
text-decoration: none;
}
/*.idlMethod*/
.idlMethType {
color: #005a9c;
}
.idlMethName {
color: #ff4500;
}
.idlMethName a {
color: #ff4500;
border-bottom: 1px dotted #ff4500;
text-decoration: none;
}
/*.idlParam*/
.idlParamType {
color: #005a9c;
}
.idlParamName {
font-style: italic;
}
.extAttr {
color: #666;
}
/*.idlConst*/
.idlConstType {
color: #005a9c;
}
.idlConstName {
color: #ff4500;
}
.idlConstName a {
color: #ff4500;
border-bottom: 1px dotted #ff4500;
text-decoration: none;
}
/*.idlException*/
.idlExceptionID {
font-weight: bold;
color: #c00;
}
.idlTypedefID, .idlTypedefType {
color: #005a9c;
}
.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
color: #c00;
font-weight: normal;
}
.excName a {
font-family: monospace;
}
.idlRaises a.idlType, .excName a.idlType {
border-bottom: 1px dotted #c00;
}
.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
width: 45px;
text-align: center;
}
.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; }
.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; }
.idlImplements a {
font-weight: bold;
}
dl.attributes, dl.methods, dl.constants, dl.fields {
margin-left: 2em;
}
.attributes dt, .methods dt, .constants dt, .fields dt {
font-weight: normal;
}
.attributes dt code, .methods dt code, .constants dt code, .fields dt code {
font-weight: bold;
color: #000;
font-family: monospace;
}
.attributes dt code, .fields dt code {
background: #ffffd2;
}
.attributes dt .idlAttrType code, .fields dt .idlFieldType code {
color: #005a9c;
background: transparent;
font-family: inherit;
font-weight: normal;
font-style: italic;
}
.methods dt code {
background: #d9e6f8;
}
.constants dt code {
background: #ddffd2;
}
.attributes dd, .methods dd, .constants dd, .fields dd {
margin-bottom: 1em;
}
table.parameters, table.exceptions {
border-spacing: 0;
border-collapse: collapse;
margin: 0.5em 0;
width: 100%;
}
table.parameters { border-bottom: 1px solid #90b8de; }
table.exceptions { border-bottom: 1px solid #deb890; }
.parameters th, .exceptions th {
color: #fff;
padding: 3px 5px;
text-align: left;
font-family: initial;
font-weight: normal;
text-shadow: #666 1px 1px 0;
}
.parameters th { background: #90b8de; }
.exceptions th { background: #deb890; }
.parameters td, .exceptions td {
padding: 3px 10px;
border-top: 1px solid #ddd;
vertical-align: top;
}
.parameters tr:first-child td, .exceptions tr:first-child td {
border-top: none;
}
.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
width: 100px;
}
.parameters td.prmType {
width: 120px;
}
table.exceptions table {
border-spacing: 0;
border-collapse: collapse;
width: 100%;
}
/* --- TOC --- */
.toc a {
text-decoration: none;
}
a .secno {
color: #000;
}
/* --- TABLE --- */
table.simple {
border-spacing: 0;
border-collapse: collapse;
border-bottom: 3px solid #005a9c;
}
.simple th {
background: #005a9c;
color: #fff;
padding: 3px 5px;
text-align: left;
}
.simple th[scope="row"] {
background: inherit;
color: inherit;
border-top: 1px solid #ddd;
}
.simple td {
padding: 3px 10px;
border-top: 1px solid #ddd;
}
.simple tr:nth-child(even) {
background: #f0f6ff;
}
/* --- DL --- */
.section dd > p:first-child {
margin-top: 0;
}
.section dd > p:last-child {
margin-bottom: 0;
}
.section dd {
margin-bottom: 1em;
}
.section dl.attrs dd, .section dl.eldef dd {
margin-bottom: 0;
}
/* --- EXAMPLES --- */
pre.example {
border-top: 1px solid #ff4500;
border-bottom: 1px solid #ff4500;
padding: 1em;
margin-top: 1em;
}
pre.example::before {
content: "Example";
display: block;
width: 150px;
background: #ff4500;
color: #fff;
font-family: initial;
padding: 3px;
font-weight: bold;
margin: -1em 0 1em -1em;
}
/* --- EDITORIAL NOTES --- */
.issue {
padding: 1em;
margin: 1em 0em 0em;
border: 1px solid #f00;
background: #ffc;
}
.issue::before {
content: "Issue";
display: block;
width: 150px;
margin: -1.5em 0 0.5em 0;
font-weight: bold;
border: 1px solid #f00;
background: #fff;
padding: 3px 1em;
}
.note {
margin: 1em 0em 0em;
padding: 1em;
border: 2px solid #cff6d9;
background: #e2fff0;
}
.note::before {
content: "Note";
display: block;
width: 150px;
margin: -1.5em 0 0.5em 0;
font-weight: bold;
border: 1px solid #cff6d9;
background: #fff;
padding: 3px 1em;
}
/* --- Best Practices --- */
div.practice {
border: solid #bebebe 1px;
margin: 2em 1em 1em 2em;
}
span.practicelab {
margin: 1.5em 0.5em 1em 1em;
font-weight: bold;
font-style: italic;
}
span.practicelab { background: #dfffff; }
span.practicelab {
position: relative;
padding: 0 0.5em;
top: -1.5em;
}
p.practicedesc {
margin: 1.5em 0.5em 1em 1em;
}
@media screen {
p.practicedesc {
position: relative;
top: -2em;
padding: 0;
margin: 1.5em 0.5em -1em 1em;
}
/* --- SYNTAX HIGHLIGHTING --- */
pre.sh_sourceCode {
background-color: white;
color: black;
font-style: normal;
font-weight: normal;
}
pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */
pre.sh_sourceCode .sh_type { color: #666; } /* basic types */
pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */
pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */
pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */
pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */
pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */
pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */
pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */
pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */
pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */
pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */
pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */
/* Predefined variables and functions (for instance glsl) */
pre.sh_sourceCode .sh_predef_var { color: #00008B; }
pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; }
/* for OOP */
pre.sh_sourceCode .sh_classname { color: teal; }
/* line numbers (not yet implemented) */
pre.sh_sourceCode .sh_linenum { display: none; }
/* Internet related */
pre.sh_sourceCode .sh_url { color: blue; text-decoration: underline; font-family: monospace; }
/* for ChangeLog and Log files */
pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; }
pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; }
pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; }
/* for Prolog, Perl... */
pre.sh_sourceCode .sh_variable { color: #006400; }
/* for LaTeX */
pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; }
pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; }
pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; }
pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; }
pre.sh_sourceCode .sh_argument { color: #006400; }
pre.sh_sourceCode .sh_optionalargument { color: purple; }
pre.sh_sourceCode .sh_math { color: orange; }
pre.sh_sourceCode .sh_bibtex { color: blue; }
/* for diffs */
pre.sh_sourceCode .sh_oldfile { color: orange; }
pre.sh_sourceCode .sh_newfile { color: #006400; }
pre.sh_sourceCode .sh_difflines { color: blue; }
/* for css */
pre.sh_sourceCode .sh_selector { color: purple; }
pre.sh_sourceCode .sh_property { color: blue; }
pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; }
/* other */
pre.sh_sourceCode .sh_section { color: black; font-weight: bold; }
pre.sh_sourceCode .sh_paren { color: red; }
pre.sh_sourceCode .sh_attribute { color: #006400; }
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css" charset="utf-8"></head><body style="display: inherit; "><div class="head"><p><a href="http://www.w3.org/"><img width="72" height="48" src="http://www.w3.org/Icons/w3c_home" alt="W3C"></a></p><h1 class="title" id="title">Web Application Privacy Best Practices</h1><h2 id="w3c-working-draft-04-august-2011">W3C Working Draft 04 August 2011</h2><dl><dt>This version:</dt><dd><a href="http://www.w3.org/TR/2011/WD-app-privacy-bp-20110804/">http://www.w3.org/TR/2011/WD-app-privacy-bp-20110804/</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/app-privacy-bp/">http://www.w3.org/TR/app-privacy-bp/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2009/dap/privacy-practices/">http://dev.w3.org/2009/dap/privacy-practices/</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editor:</dt><dd><span>Frederick Hirsch</span>, <a href="http://www.nokia.com/">Nokia</a></dd>
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2011 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p><hr></div>
<div id="abstract" class="introductory section"><h2>Abstract</h2>
This document describes privacy best practices for web
applications, including those that might use device
APIs.
</div><div id="sotd" class="introductory section"><h2>Status of This Document</h2><p><em>This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/">W3C technical reports index</a> at http://www.w3.org/TR/.</em></p>
<p>
This is a First Public Working Draft of a document that is expected to
be further updated based on both Working
Group input and public comments. The Working Group anticipates to
eventually publish a stabilized version of this document as a W3C
Working Group Note.
</p>
<p>This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs and Policy Working Group</a> as a Working Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href="mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All feedback is welcome.</p><p>Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>. The group does not expect this document to become a W3C Recommendation. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/43696/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the W3C Patent Policy</a>.</p></div><div id="toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a href="#privacybydesign" class="tocxref"><span class="secno">2. </span>Privacy By Design</a></li><li class="tocline"><a href="#usercentric" class="tocxref"><span class="secno">3. </span>User Centric Design</a></li><li class="tocline"><a href="#data-minimization" class="tocxref"><span class="secno">4. </span>Minimize collection and
transmission of personal data</a></li><li class="tocline"><a href="#data-confidentiality" class="tocxref"><span class="secno">5. </span>Maintain the confidentiality of personal data</a></li><li class="tocline"><a href="#access-log" class="tocxref"><span class="secno">6. </span>Control and log access</a></li><li class="tocline"><a href="#bp-summary" class="tocxref"><span class="secno">7. </span>Best Practices Summary</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div> <!-- abstract -->
<div id="introduction" class="section">
<!--OddPage--><h2><span class="secno">1. </span>Introduction</h2>
<p>
This document outlines good privacy practices for web
applications, including those that might use
device APIs. This continues the work on privacy best practices
in section 3.3.1 on "User Awareness and Control" Mobile Web Application Best Practices [<cite><a class="bibref" rel="biblioentry" href="#bib-MWABP">MWABP</a></cite>]. It does not repeat the privacy principles and
requirements documented in the Device API Privacy Requirements Note
[<cite><a class="bibref" rel="biblioentry" href="#bib-DAP-PRIVACY-REQS">DAP-PRIVACY-REQS</a></cite>] which should also be consulted.
</p>
</div>
<div id="privacybydesign" class="section">
<!--OddPage--><h2><span class="secno">2. </span>Privacy By Design</h2>
<p>
The principles of "Privacy by Design" should be reflected in the
web application design and implementation, including the use
of device APIs.
These are enumerated below and in more detail in the reference
[<cite><a class="bibref" rel="biblioentry" href="#bib-PRIVACY-BY-DESIGN">PRIVACY-BY-DESIGN</a></cite>].</p>
<div class="practice">
<p>
<span id="bp-privacy-by-design" class="practicelab">Best Practice 1: Follow "Privacy By Design" principles</span>.</p>
<p class="practicedesc">
Proactively consider privacy, make preservation of
privacy the default, including privacy in a
user-centric and transparent design without making
tradeoffs against privacy for other features as
privacy is possible along with other functionality.
</p>
<p>These principles include the following:</p>
<ol>
<li>Proactive not Reactive; Preventative not Remedial</li>
<li>Privacy as the Default Setting</li>
<li>Privacy Embedded into Design</li>
<li> Full Functionality — Positive-Sum, not Zero-Sum</li>
<li>End-to-End Security — Full Lifecycle Protection</li>
<li>Visibility and Transparency — Keep it Open</li>
<li>Respect for User Privacy — Keep it User-Centric</li>
</ol>
</div>
</div>
<div id="usercentric" class="section">
<!--OddPage--><h2><span class="secno">3. </span>User Centric Design</h2>
<p>Privacy should be user centric, giving the user understanding
and control over use of their personal data.</p>
<div class="practice">
<p><span id="bp-user-driven" class="practicelab">Best Practice 2: Enable the user to make informed decisions about
sharing their personal information with a service.
</span></p>
<p class="practicedesc">
The end user should have enough information about a service
and how it will user their personal information to make an
informed decision on whether to share information with that service.
This should include understanding of the data to be shared,
clarity about how long data will be kept
and information with whom it will be shared (and for what purpose).
</p>
</div>
<div class="practice">
<p><span id="bp-choices-in-context" class="practicelab">Best Practice 3: Enable the user to make decisions at the
appropriate time with the correct contextual information.
</span></p>
<p class="practicedesc">
The user should have the opportunity to decide whether to
share information (and what to share) at the time it is
needed. This is necessary as the decision can depend on the
context, including the details of what the user is trying to
accomplish, the details of that task, and differences in how
the service will operate, use and share data.
</p>
<!-- <p class="practicedesc"> -->
<!-- Examples are the presentation of a "picker" -->
<!-- interface to a user for selecting contacts fields of -->
<!-- potential contacts returned from a find operation in -->
<!-- the contacts API [[CONTACTS-API]], or the selection -->
<!-- of a file in -->
<!-- response to HTML5 <code>&lt;input type="file"&gt;</code> markup -->
<!-- [[HTML5]]. In each of these cases a user makes a -->
<!-- decision of what to share in the context of their -->
<!-- current activity and indicates that decision through -->
<!-- the selection process. -->
<!-- </p> -->
<!-- <p class="practicedesc"> -->
<!-- Another similar example is -->
<!-- drag and drop in HTML5 where a user clearly indicates a -->
<!-- desired sharing of information. -->
<!-- </p> -->
<!-- <p class="practicedesc"> -->
<!-- These are examples of granting permission implicitly -->
<!-- through action.</p> -->
</div>
<div class="practice">
<p><span id="bp-sp-choices" class="practicelab">Best Practice 4: When learning user privacy
decisions and providing defaults, allow the user to easily view and
change these previous decisions.
</span></p>
<p class="practicedesc">
A service may learn and remember personal information of a
user in order to improve a service. One example is
remembering a billing address, another might be remembering
payment information. When doing so the service should make it
clear to a user which information is retained, how it is
used, and give the user an opportunity to correct or remove
the information.
</p>
</div>
<div class="practice">
<p><span id="bp-usability" class="practicelab">Best Practice 5: Focus on usability and avoid needless prompting.
</span></p>
<p class="practicedesc">
Focus on usability should improve a service as well as
making it easier for a user to understand and control use of their
personal information. Minimize use of modal dialogs as they
harm the user experience and many users will not understand how to
respond to prompts, choosing a choice that enables them to
continue their work
[<cite><a class="bibref" rel="biblioentry" href="#bib-GEOLOCATION-PRIVACY">GEOLOCATION-PRIVACY</a></cite>].
</p>
</div>
<div class="practice">
<p><span id="bp-clarity" class="practicelab">Best Practice 6: Be clear and
transparent to users regarding
potential privacy concerns.
</span></p>
<p class="practicedesc">
The end user should understand if information is being used
by the service itself or being shared with a third
party, especially when third party services are
involved in a "mashup".
</p>
</div>
<div class="practice">
<p><span id="bp-clarify-one-shot-or-repeated" class="practicelab">Best Practice 7: Be clear as to whether information is
needed on a one-time basis or is necessary for a period of
time and for how long.
</span></p>
<p class="practicedesc">
The end user should understand whether information collected is
for a single use or will be retained and have an impact over time.
</p>
</div>
</div>
<div id="data-minimization" class="section">
<!--OddPage--><h2><span class="secno">4. </span>Minimize collection and
transmission of personal data</h2>
<p>Review the data and how it is structured and used, minimizing
the amount and detail of data required to provide a service.
</p>
<div class="practice">
<p><span id="bp-data-granularity" class="practicelab">Best Practice 8: Request the minimum number of data
items at the
minimum level of detail needed to provide a service.</span></p>
<p class="practicedesc">
As an example, an address book entry is not the
natural level of granularity as a user may wish to
share various individual address
book fields independently. Thus the natural level of
granularity in an address book is a field and no
more than the necessary fields should be provided in
response to
an address book entry request.
</p>
</div>
<div class="practice">
<p><span id="bp-data-retention" class="practicelab">Best Practice 9:
Retain the minimum amount of data at the minimum level of detail for
the minimum amount of time needed.
Consider potential misuses of retained data and
possible countermeasures.
</span></p>
<p class="practicedesc">
As an example, retaining user payment information
entails the risk of this information being stolen and
misused. Perhaps it does not need to be retained but
if it is (with user permission) perhaps it should be
encrypted (to give one possible countermeasure).
</p>
</div>
</div>
<div id="data-confidentiality" class="section">
<!--OddPage--><h2><span class="secno">5. </span>Maintain the confidentiality of personal data</h2>
<div class="practice">
<p><span id="bp-use-https" class="practicelab">Best Practice 10:
Maintain the confidentiality of user data in
transmission, for example using <code>HTTPS</code> for
transport rather than <code>HTTP</code>.
</span></p>
<p class="practicedesc">
Use of <code>HTTPS</code> can provide confidentiality of
personal data in
transport when an appropriate cipher suite is
required. This should be done for sensitive personal
information unless confidentiality can be assured by other means.
</p>
</div>
<div class="practice">
<p><span id="bp-secure-storage" class="practicelab">Best Practice 11:
Maintain the confidentiality of user data in
storage.
</span></p>
<p class="practicedesc">
The confidentiality of personal information should be
maintained when in storage, to prevent inadvertent or
malicious loss (e.g. break in to a server, theft of backups
or other threats).
</p>
</div>
</div>
<div id="access-log" class="section">
<!--OddPage--><h2><span class="secno">6. </span>Control and log access</h2>
<div class="practice">
<p><span id="bp-audit-log" class="practicelab">Best Practice 12: Control and log access to data.</span></p>
<p class="practicedesc">
Control access to information through access controls and
log access.
</p>
</div>
</div>
<div id="bp-summary" class="section"><!--OddPage--><h2><span class="secno">7. </span>Best Practices Summary</h2><ul><li><a href="#bp-privacy-by-design">Best Practice 1</a>: Follow "Privacy By Design" principles</li><li><a href="#bp-user-driven">Best Practice 2</a>: Enable the user to make informed decisions about
sharing their personal information with a service.
</li><li><a href="#bp-choices-in-context">Best Practice 3</a>: Enable the user to make decisions at the
appropriate time with the correct contextual information.
</li><li><a href="#bp-sp-choices">Best Practice 4</a>: When learning user privacy
decisions and providing defaults, allow the user to easily view and
change these previous decisions.
</li><li><a href="#bp-usability">Best Practice 5</a>: Focus on usability and avoid needless prompting.
</li><li><a href="#bp-clarity">Best Practice 6</a>: Be clear and
transparent to users regarding
potential privacy concerns.
</li><li><a href="#bp-clarify-one-shot-or-repeated">Best Practice 7</a>: Be clear as to whether information is
needed on a one-time basis or is necessary for a period of
time and for how long.
</li><li><a href="#bp-data-granularity">Best Practice 8</a>: Request the minimum number of data
items at the
minimum level of detail needed to provide a service.</li><li><a href="#bp-data-retention">Best Practice 9</a>:
Retain the minimum amount of data at the minimum level of detail for
the minimum amount of time needed.
Consider potential misuses of retained data and
possible countermeasures.
</li><li><a href="#bp-use-https">Best Practice 10</a>:
Maintain the confidentiality of user data in
transmission, for example using <code>HTTPS</code> for
transport rather than <code>HTTP</code>.
</li><li><a href="#bp-secure-storage">Best Practice 11</a>:
Maintain the confidentiality of user data in
storage.
</li><li><a href="#bp-audit-log">Best Practice 12</a>: Control and log access to data.</li></ul></div>
<div id="references" class="appendix section"><!--OddPage--><h2><span class="secno">A. </span>References</h2><div id="normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><p>No normative references.</p></div><div id="informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-DAP-PRIVACY-REQS">[DAP-PRIVACY-REQS]</dt><dd>Alissa Cooper, Frederick Hirsch, John Morris. <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/"><cite>Device API Privacy Requirements</cite></a> 29 June 2010. W3C Note URL: <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/">http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/</a>
</dd><dt id="bib-GEOLOCATION-PRIVACY">[GEOLOCATION-PRIVACY]</dt><dd>Marcos Cáceres <a href="http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf"><cite>Privacy of Geolocation Implementations</cite></a>, "W3C Workshop on Privacy for Advanced Web APIs" paper, 12/13 July 2010. URL: <a href="http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf">http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-21.pdf</a>
</dd><dt id="bib-MWABP">[MWABP]</dt><dd>Adam Connors; Bryan Sullivan. <a href="http://www.w3.org/TR/2010/REC-mwabp-20101214/">Mobile Web Application Best Practices.</a> 14 December 2010. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2010/REC-mwabp-20101214/">http://www.w3.org/TR/2010/REC-mwabp-20101214/</a>
</dd><dt id="bib-PRIVACY-BY-DESIGN">[PRIVACY-BY-DESIGN]</dt><dd>Ann Cavoukian, PhD. <a href="http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf"><cite>Privacy By Design: The 7 Foundational Principles</cite></a>. August 2009, revised January 2011. URL: <a href="http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf">http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf</a>
</dd></dl></div></div></body></html>