Hi Claire
Thanks for the email - and the blog posts :-)
Note that the W3C Privacy tool seems to be broken - I'll send in a bug 
report.
I've just used the Web Developer Firefox plugin.
For the Bradford home page there are 4 cookies, which seems to be from 
Google Analytics, which is covered in your policy.
Searching for "YouTube" on your blog server I find, for example:
http://blogs.brad.ac.uk/bsf/2011/09/12/sounds-of-science-competition-winner/
for which there are 9 cookie. As well as the GA cookies there are two 
from Flickr, nine from addthis.com
This suggests that pages with embedded content from third party services 
are likely to create cookies.
Note that looking at some of the Russell Group Unis mentioned in the 
recent survey at [1] I find that Cambridge and Imperial home pages have 
only 4 and 3 cookies, but Sheffield has 6 including a referrer ID and 
userID cookies (set to befefdf3dfe24840ff********* )
I guess then generalising your draft policy (which provides a valuable 
template for use by others) there will be a need to cover the different 
ways in which social media services assign cookies and in-house apps 
(e.g. backend databases) especially apps which create suspicious looking 
cookie such as 'UserID'!
Note I should add that I think the cookies used on our sites are useful; 
however there will be a need to document what they are in order to 
conform with legislation (though IANL!).
Facebook cookies will be interesting. A Google search for "facebook 
site: brad.ac.uk" finds 9 cookies from addthis.com
Therefore it seems there is a need for a form of words which covers 
bookmarking widgets. Can we agree of such wording (since legislation 
requires clear and simple explanations to users it would be better if a 
standard form of wording was used across all sites)?
Would this suffice:

The university uses the xxx bookmarking widget which enables visitors to 
the site to easily access the University's presence on social media 
services such as Facebook and Twitter.


Thanks

Brian


Reference

1 Links to Social Media Sites on Russell Group University Home Pages,
http://ukwebfocus.wordpress.com/2012/01/18/social-media-links-on-russell-group-university-home-pages/





On 20/01/2012 16:11, Claire Gibbons wrote:
>
> Hi folks
>
> Happy Friday!
>
> I’ve done a couple of blog posts (*faints*) on this subject, the 
> latest one today following the recent meeting of the NE Regional Web 
> Group last week.
>
> I’ve been asked to contribute to a national article documenting how UK 
> universities are addressing the cookie legislation and I need your 
> input. Could you share the work you have been doing around this 
> subject to potentially contribute to the article please? It would be 
> good if you could post a comment on my blog post so that everyone can 
> see what everyone is doing and pick up some hints and tips along the way.
>
> http://blogs.brad.ac.uk/planet-claire/
>
> I could do with getting examples from a variety of HEIs, e.g. devolved 
> and centralised, small and large, new and old etc etc. It will be 
> interesting to see the different approaches and issues from across the 
> sector.
>
> I’ll be writing another post over the weekend/early next week re: the 
> need to document our Privacy Policy as an audit trail (i.e. how have 
> we got to the content of the policy – what decisions were made and 
> why) and also the next phase of our audit including third party stuff 
> such as YouTube, Wordpress, and other web technologies such as 
> database driven sites. I’ll mention what tools we use to check what 
> cookies we have. Brian has already mentioned the W3C Privacy Dashboard 
> which is worth a look (use Firefox): 
> http://code.w3.org/privacy-dashboard/
>
> Ok – that’s probably enough for a Friday! I need a pint.
>
> More next week.
>
> C.
>
> --------------------------------------------------------------
>
> Claire Gibbons | Senior Web and Marketing Manager | Marketing and 
> Communications
>
> University of Bradford | BD7 1DP | E: [log in to unmask] | T: 01274 
> 236529
>
> http://www.bradford.ac.uk <http://www.bradford.ac.uk/> | 
> http://twitter.com/BradfordUni |
>
> www.youtube.com/UniversityOfBradford 
> <http://www.youtube.com/UniversityOfBradford> | 
> http://www.wildwestyorkshire.com <http://www.wildwestyorkshire.com/>
>
> Number One in Yorkshire for graduate level employment 
> <http://www.bradford.ac.uk/undergraduate/your-career/graduate-employment/>
>
> -------------------------------------------------------------
>
> *From:*Managing institutional Web services 
> [mailto:[log in to unmask]] *On Behalf Of *Brian Kelly
> *Sent:* 15 December 2011 09:07
> *To:* [log in to unmask]
> *Subject:* Re: Cookies and new ICO guidance
>
> Hi Paul (and others)
>
> My post on *The Half Term Report on Cookie Compliance***[1] has been 
> published. I echo the comments made by Ranjit and Matt Jukes on his 
> blog that the new guidelines are sensible and implementable. The 
> guidelines have helpfully described the steps which should be taken:
>
> 1./Check what type of cookies and similar technologies you use and how 
> you use them./
>
> 2./Assess how intrusive your use of cookies is./
>
> 3./Where you need consent – decide what solution to obtain consent 
> will be best in your circumstances./
>
> I'm sure many people will already be doing this. Note that Claire 
> Gibbons (University of Bradford) has documented the work she has been 
> involved in [2].
>
> In her post Claire invites others to participate in an exercise in 
> documenting decisions and providing access to policy statements. I'd 
> encourage people to participate.
>
> Also note that a post on the ICO blog [3] states that:
>
> Finally, I want to make it clear what will happen after 26 May 2012, 
> the end of the lead-in period. There will not be a wave of knee-jerk 
> formal enforcement action taken against people who are not yet 
> compliant but trying to get there. If you are working towards 
> compliance and following my advice then keep going. If you haven’t 
> started yet, you need to be reading the advice, speaking to your 
> peers, looking at how other websites inform and empower their users.
>
> The suggestion about "speaking to your peers" is important. If as a 
> sector we can demonstrate best practices this will be good for us all.
>
> Brian
>
> References
>
> 1 
> http://ukwebfocus.wordpress.com/2011/12/15/the-half-term-report-on-cookie-compliance/ 
>
>
> 2 *Cookies and legislation – some thoughts and a sector invite* 
> <http://blogs.brad.ac.uk/planet-claire/2011/12/14/cookies-and-legislation-some-thoughts-and-a-sector-invite/>. 
> http://blogs.brad.ac.uk/planet-claire/2011/12/14/cookies-and-legislation-some-thoughts-and-a-sector-invite/ 
>
>
> 3 ICO blog: half term report on cookies compliance, 
> http://www.ico.gov.uk/news/blog/2011/half-term-report-on-cookies-compliance.aspx 
>
>
> On 15 Dec 2011, at 08:30, Paul Browning wrote:
>
>
>
>     Hi Paul and all,
>
>     The GA cookies and almost all analytical cookies are first party
>
>     cookies nowadays i.e. google-analytics.com
>     <http://google-analytics.com> does not set the cookie, but
>
>     is simply some Javascript instructions that your website follows
>     to set
>
>     the cookie.:
>
>     Some other service providers are third party cookies, as you can
>
>     imagine a third party cookie is required for services that track
>
>     across sites and domains ( back to the evil advertising persistent
>
>     cookie that this legislation is really after).
>
>
> That's a very helpful clarification.
>
> Thanks
>
> Paul
>

-- 
--------------------------------------------------------
Brian Kelly
UKOLN, University of Bath, Bath, UK, BA2 7AY
Email: [log in to unmask]
Blog: http://ukwebfocus.wordpress.com/
Twitter: http://twitter.com/briankelly