HHS Machine-Readable Privacy Policy Guide - Substance Abuse ...
Machine-Readable Privacy Policy Guide
US Department of Health and Human Services
Stated Purpose: Information is retained briefly and destroyed at the earliest possible opportunity. The website human-readable privacy notice must have a data destruction timetable or a hyperlink to the data destruction timetable.

Legal Requirement: Information is kept to meet a stated purpose; however, the retention period is longer due to a legal requirement. The website human-readable privacy notice must have a data destruction timetable or a hyperlink to the data destruction timetable.

Business Practices: Information is retained for a stated business purpose. The website human-readable privacy notice must have a data destruction timetable or a hyperlink to the data destruction timetable.

Indefinitely: Information is retained for an indefinite time.

5.5.8 Policy Expiration Date

Data expiration describes the lifetime of the machine-readable policy. The default expiration time is 24 hours. The default is generally determined to be an adequate expiry. If the default is not sufficient, websites can claim either a relative or absolute time of expiry. Table 8 lists the policy expirations.

Table 8. Policy Expiration

| Expiration | Purpose |
| --- | --- |
| Default | The policy reference file and policy file have a life of 24 hours. |
| Absolute | The policy reference file and policy file have a lifetime expressed in Greenwich Mean Time (GMT). An example of GMT is Sun, 07 2008 08:49:37 GMT. |
| Relative | The policy reference file and policy file have a lifetime expressed in seconds from the time the response is sent from the original server. An example of a relative time of expiry is max-age “172800.” |

5.5.9 Conduct Cookie Analysis

Cookies are small bits of text that are sent in a website’s HTTP headers. Cookies are stored on the computer and are used by websites to store identification numbers, information about your activities on the website, or information about the configuration options you have chosen on the website. Cookies come in two types: session and persistent. Session cookies expire at the end of a browser session. Persistent cookies remain on the computer over several browser sessions. Federal websites may only use session cookies, unless the website has obtained permission from the head of the agency.
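
The session-versus-persistent distinction above can be checked from a site's Set-Cookie response headers: a cookie that carries no usable Expires or Max-Age attribute ends with the browser session. The Python below is an added example, not part of the HHS guide; the function names and the sample header values are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def classify_cookie(set_cookie, now):
    """Return (name, kind); kind is 'session', 'persistent' or 'deletion'."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    # Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    if "max-age" in attrs:
        try:
            seconds = int(attrs["max-age"])
            return name, "persistent" if seconds > 0 else "deletion"
        except ValueError:
            pass  # unparsable Max-Age: fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            return name, "persistent" if expires > now else "deletion"
        except (TypeError, ValueError):
            pass  # unparsable Expires: attribute is ignored
    # Neither attribute present or usable: cookie ends with the browser session.
    return name, "session"


def persistent_cookies(set_cookie_headers, now):
    """Names of cookies that outlive the browser session."""
    classified = (classify_cookie(h, now) for h in set_cookie_headers)
    return [name for name, kind in classified if kind == "persistent"]


# Constructed sample Set-Cookie header values (not taken from any real site).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly",
    "prefs=lang-en; Max-Age=31536000; Path=/",
    "visitor=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
    "old=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
]
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock for repeatable output

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_cookie(header, NOW))
    print("needs agency-head permission:", persistent_cookies(SAMPLE_HEADERS, NOW))
```

A cookie whose Expires date is already past, or whose Max-Age is zero or negative, is reported as a deletion rather than as a persistent cookie, since the browser discards it immediately.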

With the advancement of customized browser settings, consumers have more control over how cookies are stored and accepted. The P3P specification has a policy option