a. Review the various privacy-related policies already in place at CMU, including the computing policy, Blackboard privacy guidelines, student privacy rights, privacy of faculty offices, and other relevant policies (here is a good list of policies). Prepare a list of all aspects of privacy that are covered by these policies.
b. Read the privacy policies of at least four other universities (please list the URLs of the policies you read). What did you find in these policies that you liked? What did you find in these policies that you did not like? (You should comment on the format, style, content, and substance of these policies.)
Spend some time looking at the CMU web sites. Look at the site map on the main CMU web site. Use the search facility to find pages that include forms.
What is the purpose of the main CMU web site (www.cmu.edu)? What kinds of data appear to be collected on this site? Is this data collected from the general public or just members of the CMU community? Who appears to be responsible for this data (a specific department, central administration, etc.)?
What other web sites are there in the cmu.edu domain (you don't need to list all of them, but try to list groups of web sites). What kinds of data are collected on these sites? Is this data collected from the general public or just members of the CMU community? Who appears to be responsible for this data?
Create a web page or set of web pages that includes all of these components. Ideally, you should post this web page (suitably labeled as a draft for a course project and not the official CMU policy) and include the URL in your homework. If you are unable to post it yourself, please email the HTML file(s) to me and I will post them. (We are posting them so that you can each review each others' drafts, but they will be publicly accessible.) I am interested in seeing not only the content of what you put into your draft policy, but also how you write and format it so that it is easily understandable. Feel free to borrow ideas from some of the other policies you looked at. The policy you create should match current CMU practice as best you can determine. There will probably be some areas where you don't really know what the current policy or practice is. In those cases, write the policy to reflect what you think it should be, both from the perspective of protecting privacy as well as being practical in the CMU environment.
Please turn in:
I have divided the class into the following sub-committees, each chaired by a graduate student:
Candice, Bella, Vincent, Ramya
Pei-Chao, Ben, Matt, Christina
Ashish, Indrani, Eduardo
Each committee should produce a new draft of the policy, using your Part 4 work as a starting point. The chair should post the policy (or delegate this to someone else) and submit the URL to me.
Do this part with the same committee you worked with for Part 5.
1. Come up with an overall plan for P3P-enabling the CMU web sites. Determine how many policies there should be and who should be responsible for creating them. Where should the policies and policy reference files live? Should the well-known location, HTTP header, or embedded link mechanism be used? Should compact policies be used, and, if so, where? Post your plan (formatted in HTML) on the server where you posted the policy you created in part 5 and send me the URL.
2. Create a P3P policy that would be applicable to the main CMU home page (it should correspond with the policy you created in Part 5). Post it on the server where you posted the policy you created in part 5 and send me the URL.