No one likes having their privacy invaded, and the web should be no exception, so you should implement a P3P policy to reassure customers that you respect their privacy. It also gives them some indication of what data you are collecting, or plan to collect.
As with most things on the web, the W3C has an initiative for standardising how privacy policies are handled on websites, which it refers to as the P3P Initiative.
<?xml version="1.0" encoding="utf-8"?>
<policies xmlns="http://www.w3.org/2002/01/P3Pv1">
  <policy name="Privacy"
          discuri="http://www.example.com/policy.html"
          opturi="http://www.example.com/policy.html"
          xml:lang="en">
    <entity>
      <data-group>
        <data ref="#business.name">Example Company</data>
        <data ref="#business.contact-info.online.uri">http://www.example.com</data>
      </data-group>
    </entity>
    <access>
      <none />
    </access>
    <disputes-group>
      <disputes resolution-type="service"
                service="http://www.example.com/policy.html"
                short-description="Disputes">
        <remedies>
          <correct />
        </remedies>
      </disputes>
    </disputes-group>
    <statement>
      <consequence> </consequence>
      <purpose>
        <admin required="always" />
        <develop required="always" />
      </purpose>
      <recipient>
        <ours />
      </recipient>
      <retention>
        <indefinitely />
      </retention>
    </statement>
  </policy>
</policies>
The above is a sample of the XML used to describe a group of policies; this particular example contains only one. After the XML declaration comes the policies tag, which states that what follows is one or more policies and specifies the namespace for P3P version 1. Next is the definition of the policy called "Privacy", with two URLs (discuri and opturi) where a written description of it can be found. Inside this, the first block, entity, refers to the party that holds the data. In this example there is one data group, giving its name as "Example Company" and its website.
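A policy file is only useful if user agents can parse it, and a misspelled element name, such as a retention value outside the five that P3P 1.0 defines, is easy to miss by eye. The following added example (not from the original page; the function names and the trimmed sample policy are constructed for illustration) reads a policy file with Python's standard library, summarises what it declares, and reports such problems.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"
# The five retention values defined by P3P 1.0.
RETENTION = {"no-retention", "stated-purpose", "legal-requirement",
             "business-practices", "indefinitely"}

# Constructed sample: a trimmed policy with a misspelled retention element.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<policies xmlns="http://www.w3.org/2002/01/P3Pv1">
  <policy name="Privacy" discuri="http://www.example.com/policy.html">
    <entity><data-group>
      <data ref="#business.name">Example Company</data>
    </data-group></entity>
    <statement>
      <purpose><admin required="always"/><develop required="always"/></purpose>
      <recipient><ours/></recipient>
      <retention><indefinately/></retention>
    </statement>
  </policy>
</policies>"""

def children(parent, name):
    """Local names of the child elements of every <name> block under parent."""
    return [c.tag.split("}", 1)[-1]          # drop the {namespace} prefix
            for block in parent.iter(P3P_NS + name) for c in block]

def summarise(xml_text):
    """Return one dict per policy, including problems a reviewer should fix."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    out = []
    for pol in root.iter(P3P_NS + "policy"):
        # Only <data> inside <entity> describes who holds the data.
        entity = {d.get("ref"): (d.text or "").strip()
                  for e in pol.iter(P3P_NS + "entity")
                  for d in e.iter(P3P_NS + "data")}
        retention = children(pol, "retention")
        problems = ["unknown retention value: " + r
                    for r in retention if r not in RETENTION]
        if not pol.get("discuri"):           # discuri is mandatory on a policy
            problems.append("policy has no discuri")
        out.append({"name": pol.get("name"), "entity": entity,
                    "purposes": children(pol, "purpose"),
                    "recipients": children(pol, "recipient"),
                    "retention": retention, "problems": problems})
    return out

if __name__ == "__main__":
    for policy in summarise(SAMPLE):
        print(policy["name"], policy["problems"])
```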