Make Your Web Site P3P Compliant

How to Create and Publish Your Company's P3P Policy (in 6 Easy Steps)

1. Create a written privacy policy for your company or organization. You may want to consult the P3P Guiding Principles Document for resources and helpful hints. If you already have a policy, you will probably want to review it with its authors who wrote it. Make sure to note all of the data you collect, what you do with that data, who has access to it, and for how long you keep it. These pieces of your policy will later be read into a P3P generator that will create a machine-readable version of your policy.

2. At this point, you should decide what policies apply to what pages on the site. Many companies have more than one P3P policy depending on how many different data collection techniques and purposes for different pages. This way, a user will know exactly how their data will be used for a given page or form. Of course, a user can always reference the written policy to see the overall practices of the site, but specifying practices for certain directories or pages often will make browsing more seamless for the average user. more information

3. Next, select a P3P Policy generator to use. The following generators are currently available:

Take your company's existing privacy policy, or the one that you've just written, and use it to guide you through the generation process. Print out the current P3P Specification available from the W3C P3P site. You will need to note the following features:

more information

4. Enter the necessary information into the P3P generator. Make sure you fill in all necessary fields and descriptions (P3P files include several human-readable components so that users can quickly find out important information such as a contact address in the Entity field). Common P3P generators will have an error-checking function that will alert you to omitted or incorrectly entered information. Save this file as policy1.xml. If you have multiple P3P policies (for sites with various, specific privacy policies), number them accordingly (policy2.xml, policy3.xml, and so on) more information

5. The generator should also create a policy reference file for you. This file will instruct web browsers where to look for the P3P policy on any given page. You should save this file as p3p.xml. You should then upload both the P3P policy file(s) and the policy reference file to your server's root directory. more information

6. The final step is making sure that you've done everything correctly. You can simply go to http://www.w3.org/P3P/validator.html and enter any URL on your site and it will tell you if there are any errors. If there are errors, you may want to go back to Step 3. When you are finished with this process, you will be asked if you wish to be listed on our list of web sites using P3P.

Note: The P3P specification will likely change over the next few months. As a result, you may have to update the P3P policy that you are creating now.

Copyright1997-2000 W3C (MIT, INRIA, Keio ), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.

last revised $Date: 2002/01/31 10:39:19 $ by $Author: koike $