Check Points and detail of this report follow:
- 1. Privacy Policy
- 2. Form Data Collection and Submission
- 3. Web Beacons
- 4. Use of Cookies
Specific Quality Checks for Privacy - Descriptions
The following section describes what checkpoints are being run with this content quality assurance checklist for your content management needs. The checkpoints are described as well as information on why these checks are important.
1 - Privacy Policy
Your web site should clearly define your privacy policy. A privacy policy assists your visitors in understanding your organizations practices in capturing and/or distributing visitor/customer information, that you may require users to submit. This is particularly important if you require visitors to provide personal information in order for them to access areas of your Web site. If you do not have a clearly documented privacy policy on your Web site, you may risk losing visitors wary of providing their information, and you also may expose yourself to unnecessary risk of litigation. While it is recommended that you use a privacy information link on every page to identify your privacy policy, some organizations will incorrectly verify "form" pages only or pages with "mailto" links. We offer all three checks in these checkpoints. Additionally, if your site is P3P enabled, we provide a checkpoint to validate that the link to the P3P policy reference file exists. You can modify as required.
1.1 Validate Privacy Policy link exists on page
Every page should contain a link to your web sites privacy policy. This check validates that the link you specify is found in your content.
1.2 Validate all pages with forms have a privacy policy link
Every page with a form should contain a link to your web sites privacy policy. This check validates that the link you specify is found in your content when a form is found.
1.3 Validate all pages with mailto links have a privacy policy link
Every page with a mailto link should contain a link to your web sites privacy policy. This check validates that the link you specify is found in your content when a mailto link is found.
1.4 Validate all pages have a Link Element pointing to P3P policy reference file
When a web site is P3P enabled, every page should reference the web site P3P policy reference file. This can be done by either using an HTML LINK element in the head section of your page or through an HTTP header passed to user agents when pages are requested from your server. This check validates that a Link Element that points to a P3P Policy reference file is found in your page.
1.5 Validate that P3P policy reference file exists in the root of page's site
When a web site is P3P enabled, the web site P3P policy reference file (p3p.xml) should exist in the site's root folder. This check validates that the P3P Policy reference file is found in the site's root folder.
2 - Form Data Collection and Submission
If there are pages on your web site that collect data through forms, you will want to be sure of what, where and how that data is submitted for processing. These checkpoints allow you to identify Forms and form controls used on your pages.
2.1 Identify Pages that use Forms
Pages that collect and submit data can present Privacy issues. Since electronic forms are mainly used to collect data from users of your web site, you should be aware of all pages that contain forms and be sure that the data being collected complies with you privacy policy. This check identifies all form elements, if any, located on a page.
2.2 Identify Pages that have Forms using the GET method
Forms that submit data using the GET method can present Privacy issues. Since electronic forms are mainly used to collect data from users of your web site, you should be aware of all pages that contain forms and be sure that the data being collected complies with you privacy policy. A form using the GET method to submit data is not submitting the data in a secure manner. This check identifies all form elements, if any, located on a page that use the GET method.
2.3 Identify Input Elements on page
This check identifies all Input elements located on a page. Input elements are a way that users can enter personal information that will be transmitted when the form is submitted. By identifying the location of these elements, you can examine what data that is being collected and be sure that the method and use of the data complies with your privacy policy.
2.4 Identify TextArea Elements on page
This check identifies all TextArea elements located on a page. TextArea elements are a way that users can enter personal information that will be transmitted when the form is submitted. By identifying the location of these elements, you can examine what data that is being collected and be sure that the method and use of the data complies with your privacy policy.
2.5 Identify Select Elements on page
This check identifies all Select elements located on a page. Select elements are a way that users can enter personal information that will be transmitted when the form is submitted. By identifying the location of these elements, you can examine what data that is being collected and be sure that the method and use of the data complies with your privacy policy.
3 - Web Beacons
Your web site can contain images that actually exist on other sites. These checkpoints help identify those images.
3.1 Identify IMG Element Web Beacons
This checkpoint identifies all IMG elements, if any, located on the page that have a src attribute pointing to an external web site.
3.2 Identify Input Elements of type Image Web Beacons
This checkpoint identifies all Input Elements of type Image, if any, located on the page that have a src attribute pointing to an external web site.
4 - Cookies
A cookie is a file placed from the web server to the user's machine so it can remember something about you later or track where you go. It may remember an IP address, or what you added to a shopping cart or other information. US Federal Government web sites are not allowed to set cookies on a user's system.
4.1 Validate that the page does not set cookies
This checkpoint validates that the page does not set cookies
|
