Export (0) Print
Expand All
Expand Minimize

2.1.18 [W3C-P3P1.0] Section 3.3.6, The RETENTION element

V0025:

The specification states:

Each STATEMENT element that does not include a NON-IDENTIFIABLE element MUST 
contain a RETENTION element that indicates the kind of retention policy that 
applies to the data referenced in that statement.

All Document Modes (All Versions)

STATEMENT elements that do not contain a NON-IDENTIFIABLE child element are not required to contain a RETENTION element containing at least one subchild.

V0026:

The specification states:

<RETENTION>
the type of retention policy in effect
The RETENTION element MUST contain one of the following:

<no-retention/>
Information is not retained for more than a brief period of time necessary to make 
use of it during the course of a single online interaction. Information MUST be 
destroyed following this interaction and MUST NOT be logged, archived, or otherwise 
stored. This type of retention policy would apply, for example, to services that 
keep no Web server logs, set cookies only for use during a single session, or 
collect information to perform a search but do not keep logs of searches performed.

<stated-purpose/>
For the stated purpose: Information is retained to meet the stated purpose. This 
requires information to be discarded at the earliest time possible. Sites MUST have 
a retention policy that establishes a destruction time table. The retention policy 
MUST be included in or linked from the site's human-readable privacy policy.

<legal-requirement/>
As required by law or liability under applicable law: Information is retained to 
meet a stated purpose, but the retention period is longer because of a legal 
requirement or liability. For example, a law may allow consumers to dispute 
transactions for a certain time period; therefore a business may for liability 
reasons decide to maintain records of transactions, or a law may affirmatively 
require a certain business to maintain records for auditing or other soundness 
purposes. Sites MUST have a retention policy that establishes a destruction time 
table. The retention policy MUST be included in or linked from the site's human-
readable privacy policy.

<business-practices/>
Determined by service provider's business practice: Information is retained under a 
service provider's stated business practices. Sites MUST have a retention policy 
that establishes a destruction time table. The retention policy MUST be included in 
or linked from the site's human-readable privacy policy.

<indefinitely/>
Indefinitely: Information is retained for an indeterminate period of time. The 
absence of a retention policy would be reflected under this option. Where the 
recipient is a public fora, this is the appropriate retention policy.

All Document Modes (All Versions)

The RETENTION element is not required to contain any subelements.

Show:
© 2014 Microsoft