So the W3C have recently released a document entitled Web Application Privacy Best Practices, which I have to say I am more than happy about.
I really think that with most things in life, if you can follow a best practice (and so long as that best practice is sound) then you won't go far wrong.
So I guess the first question I have to ask is: is this document sound? Well, of course it is; it is written by some of the smartest people in our industry and a lot of thought has gone into it.
As it is the first public working draft, we cannot expect the content to stay nailed down exactly as it is, but I don't think it would be jumping the gun to begin implementing those best practices mentioned in it.
Having read through the document a couple of times, I don't think there is anything too groundbreaking in it. If you are a thoughtful web developer who tries to keep the end user happy, then you are probably doing most of these things anyway.
One of the items I personally need to put more thought into is…
Best Practice 9: Retain the minimum amount of data at the minimum level of detail for the minimum amount of time needed. Consider potential misuses of retained data and possible countermeasures.
I try and maintain the minimum amount of data, but I never really consider how long I need that data for. Any tips you have on how to judge this type of thing I would love to hear about in a tweet.
One thing I think is maybe missing from this document.
I will be following the steps outlined in the document.
To wrap up then, I am glad a document like this has surfaced. It will make my life easier when making decisions, and if the majority of web owners followed them it might make the world a better place!