15-508 / 17-801 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Privacy Policy Project

In this project our class will draft a privacy policy and accompanying P3P policy for a real web site. The project will be done in several parts, which will be assigned as part of homework assignments throughout the semester.

The project will be done in small groups. Here are the group assignments:

Red: amcdonal, jarasin, mkwai, richaa, tgovani

Blue: jfranks, jh, jmilhans, jswang, mroth

Green: jgideon, btsai, enunge, gkumar, zgm

Purple: jytsai, hlp, mlauck, mpimente

The first person listed in each group should serve as the group leader. The group leader is responsible for coordinating when the group will meet together and for submitting the assignments on behalf of the group.

This semester we will draft a privacy policy for Sima Products Corporation, a consumer electronics manufacturer based in Oakmont, PA. Simacorp has recently launched a new web site for one of their top-selling products, GoDVD. They would like a privacy policy that they can use on both the product web site and their main web site. Storm Orion from Simacorp will meet with our class on October 5 and October 26 to answer questions and provide feedback.

Part 1 - Due October 5 (as part of HW5)

(I) Review the privacy policies of at least three consumer electronics company web sites. Some relevant sites include www.sakar.com, www.cobra.com, www.lenmar.com, www.targus.com, www.kensington.com, and www.digipowersolutions.com. For each one:

(II) Familiarize yourself with the Simacorp and GoDVD web sites. Make a list of questions you will need to answer in order to draft a privacy policy for Simacorp. You will have an opportunity to ask these questions in class on October 5.

Part 2 - Due October 12 (as part of HW6)

Draft a privacy policy for Simacorp. Format it as an HTML file suitable for posting on their web site (but include a note that this is a draft and not the official policy). Submit the HTML file (or if you have multiple files, submit a zip archive) via email.

Your policy will be graded on the following points:

Your privacy policy should accurately reflect the company's information practices.
Your privacy policy should address at least all of the bullet points on Cranor p. 67.
Your privacy policy should be easy to understand. It should be written in clear, concise, and correct English, and should be carefully proofread. Points will be taken off for sloppy organization, spelling, punctuation, and grammar.
Your privacy policy's formatting should aid reading, with section headings that stand out, lists set off with bullet points, important points or words emphasized, readable fonts, etc. The document should look professional.
Your privacy policy should be useful to the company in that it should address the needs expressed by the company representatives.

Part 3 - Due November 9 (as part of HW10)

Review the draft privacy policies created by the other teams. Based on your review and the feedback provided by the company, create a revised privacy policy. Feel free to cut and paste from other teams' drafts. Once again, format your policy in HTML and submit the files via email. Your policy will again be graded on accuracy, completeness, readability, formatting, and usefulness, as described under Part 2, above.

Part 4 - Due November 16 (as part of HW11)

(I) Create a plan for P3P enabling Simacorp (both of their sites). Do the following:

(II) Create the necessary P3P files as outlined in your plan. Make sure you validate them!

Submit via email the following files:

Your plan, P3P files, and instructions will be graded on:

Your decisions in (I) should meet the needs of the company, and your rationale should explain how your decisions meet the company's needs.
The company should be able to fully P3P enable their site by simply following your instructions.
The P3P files you submit should accurately reflect the privacy policy you wrote for Part 3 and should be bug-free.