A Method and Means to Relate Web Page Form Fields to Policy Statements and Other Structured Data
Original Publication Date: 2002-Oct-18
Included in the Prior Art Database: 2003-Jun-21
A system is disclosed that related Web Page form fields to policy statements and other structured data. We have developed two approaches to relate web page form fields to (P3P) policy statements. The first extends the current P3P data type definition (DTD), and the second (preferred embodiment) makes use of an Resource Description Framework (RDF) binding for P3P which greatly simplifies solution to this problem. Motivation: Privacy management (and legislation) requires that web sites, which gather Personnally Identifiable Information (PII data), store Privacy Policies together with Data Instances (as opposed to relating policies to Data Types or database columns). This is necessary for a variety of reasons. Policies can expire or may be negotiated or changed on a transaction by transaction basis. Therefore, it is essential to attach or relate policy instances to data instances at the time data is acquired by a website. Unfortunately, many sites developed data collection mechanisms over time without a plan to manage privacy policies. Not only must the sites store P3P policy instances together with data instances, they must also: 1. Control Access to the data. Access control restricts the types of users who may gain access to data based on an expressed agreement between the PII data collector and the PII data owner.