Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Collapse the table of content
Expand the table of content
Expand Minimize

2.1.18 [W3C-P3P1.0] Section 3.3.6, The RETENTION element

V0025:

The specification states:

 Each STATEMENT element that does not include a NON-IDENTIFIABLE element MUST 
 contain a RETENTION element that indicates the kind of retention policy that 
 applies to the data referenced in that statement.

All Document Modes (All Versions)

STATEMENT elements that do not contain a NON-IDENTIFIABLE child element are not required to contain a RETENTION element containing at least one subchild.

V0026:

The specification states:

 <RETENTION>
 the type of retention policy in effect
 The RETENTION element MUST contain one of the following:
  
 <no-retention/>
 Information is not retained for more than a brief period of time necessary to make 
 use of it during the course of a single online interaction. Information MUST be 
 destroyed following this interaction and MUST NOT be logged, archived, or otherwise 
 stored. This type of retention policy would apply, for example, to services that 
 keep no Web server logs, set cookies only for use during a single session, or 
 collect information to perform a search but do not keep logs of searches performed.
  
 <stated-purpose/>
 For the stated purpose: Information is retained to meet the stated purpose. This 
 requires information to be discarded at the earliest time possible. Sites MUST have 
 a retention policy that establishes a destruction time table. The retention policy 
 MUST be included in or linked from the site's human-readable privacy policy.
  
 <legal-requirement/>
 As required by law or liability under applicable law: Information is retained to 
 meet a stated purpose, but the retention period is longer because of a legal 
 requirement or liability. For example, a law may allow consumers to dispute 
 transactions for a certain time period; therefore a business may for liability 
 reasons decide to maintain records of transactions, or a law may affirmatively 
 require a certain business to maintain records for auditing or other soundness 
 purposes. Sites MUST have a retention policy that establishes a destruction time 
 table. The retention policy MUST be included in or linked from the site's human-
 readable privacy policy.
  
 <business-practices/>
 Determined by service provider's business practice: Information is retained under a 
 service provider's stated business practices. Sites MUST have a retention policy 
 that establishes a destruction time table. The retention policy MUST be included in 
 or linked from the site's human-readable privacy policy.
  
 <indefinitely/>
 Indefinitely: Information is retained for an indeterminate period of time. The 
 absence of a retention policy would be reflected under this option. Where the 
 recipient is a public fora, this is the appropriate retention policy.

All Document Modes (All Versions)

The RETENTION element is not required to contain any subelements.

Show:
© 2016 Microsoft