Privacy standard could bring clarity to customers

Canadian businesses should convert their Internet privacy policies into a new browser standard that can be understood by customers or risk losing business, privacy leaders told an IT audience this week.

The message came late Wednesday at a Toronto meeting convened by Ontario information and privacy commissioner Ann Cavoukian to publicize the recently released Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium.

“”Over time, if you don’t have P3P enabled, there will be an impact from your customers,”” Della Shea, manager of Web compliance for RBC Financial Services, said in an interview after describing to the audience how the bank is implementing the standard. So far it is one of the few Canadian companies with sites using the platform, which was launched in April.

Shea said the bank decided to P3P-enable its sites in part to show customers it is a leader in online privacy.

To impress the message on the roughly 200 people from a number of IT associations and governments who attended the presentation, Tim Berners-Lee, the founder of the World Wide Web and head of the consortium was brought in as cheerleader.

“”The time to implement it is now,”” he said.

P3P is a way of converting a privacy policy — which is usually written in confusing legalese, buried in most Web sites and seen by few — into extensible markup language (XML) that can be read by P3P-enabled browsers such as Internet Explorer 6.0 and Netscape 7.0.

These policies include what data is collected, the purposes for which it will be used, the ability to opt in or out, the data recipients and the data retention policy.

If a user has set the browser’s privacy preferences (found in IE 6.0 under Tools/Internet Options/Privacy), a P3P-enabled site will signal onscreen if it meets those limits. It would be up to the user to decide what to do if it doesn’t.

P3P policies can be set for different sections of a site — a shopping section, for example, could have a different policy than the home page.The idea is to increase the confidence of online shoppers to e-commerce with an easy-to-understand series of symbols.

However, P3P still has some gaps. It doesn’t yet cover Web-enabled mobile devices with their tiny screens, or sites with multiple partners linked by Web services, which could have multiple privacy policies. Nor does it ensure a site adheres to its privacy policies. And cookies are dealt with under a separate guideline.

Cavoukian, who helped develop the standard, admits P3P is a work in progress, but one online businesses must adopt as a first step. As for possible concerns by business that there’s already federal or provincial legislation with privacy demands, such as the draft Privacy of Personal Information Act written by the Ontario government, she’s dismissive.

“”It’s not about legislation,”” she said. “”The average person who goes to your Web site doesn’t know anything about what laws are out there. But if you want their business you want them to feel a sense of trust in the way they interrelate with your Web site, and they’re not going to have that unless they’re aware of your information-gathering practices.””

Surveys show 70 per cent of visitors leave sites when asked for what they believe is unjustified personal information, she noted.

For a free guide to setting up P3P, see

Several companies, including IBM and Montreal’s Zero Knowledge Systems, have free tools to help automate the conversion.

Comment: [email protected]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs