Hi,
As I'm down to talk about how we've approached this whole cookie thing at the upcoming get together, I thought I probably should contribute to the conversation :)
We've been monitoring the whole situation since last year but didn't do an awful lot in 2011 because everything still seemed so woolly. These are the things we've been up to since February:
* Significantly enhanced information on website privacy and cookies, including a revised privacy policy developed and ratified by University lawyers
* Cookies list created for Polopoly-driven website with processes put in place for ongoing management and upkeep.
* Scoping of consent mechanism for Polopoly-driven website outlined, consulted on with the user group, and estimated for development.
* Strategy for removal of all privacy invasive cookies from the Polopoly-driven website, replacing functionality where possible.
* An initial audit of the ed.ac.uk domain running to around 220,000 web pages with the 20,000 cookies found made available to the University via a search interface.
* A deeper audit of the Polopoly-driven website (pages in the form www.ed.ac.uk/something) identifying cookies placed by 3rd parties.
o Ongoing 6 monthly audits scheduled.
* Guidance to all web managers on compliance with the legislation, including full details of plans for the Polopoly-driven website, progress updates and ongoing amendments as greater clarity emerged
o Distributed to all relevant web and tech email communities, and to all heads of schools and units and their senior administrators (390 unique views of the guidance from initial emails sent in early March).
Polopoly is our centrally supported CMS used by about 600 people across 80ish units. There is a template available which basically allows HTML to be pasted in and then integrated into other pages. Lots of people have used this to pull in You Tube videos, Twitter feeds etc. These third party integrations have turned out to be our highest risk area - we've been inadvertently placing privacy invasive cookies on behalf of all these "free" service providers. Turns out nothing's ever really free... ;)
Cheers
N
*********************************
Neil Allison
University Website Programme
The University of Edinburgh
0131 650 9513
www.ed.ac.uk/website-programme
*********************************
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
-----Original Message-----
From: Information Sharing List for Scottish Web Folk [mailto:[log in to unmask]] On Behalf Of Montgomery, John T.
Sent: 09 May 2012 14:05
To: [log in to unmask]
Subject: Re: Cookie Legislation
Yes. So far, we plan to do the same.
Waiting for the logging to be updated.
:-)
John Montgomery
Web Programmer
University of Aberdeen
Directorate of Information Technology
Edward Wright Building
Dunbar Street
Aberdeen
AB24 3QY
Tel: +44 (0) 1224 27 3218
Mob: 07803 371 148
Skype: jmmp08
Work: http://www.abdn.ac.uk/JMVP
Play: http://www.thevigils.co.uk
-----Original Message-----
From: Information Sharing List for Scottish Web Folk [mailto:[log in to unmask]] On Behalf Of Graham Thomson
Sent: 09 May 2012 13:10
To: [log in to unmask]
Subject: Cookie Legislation
Hi
I've been doing a bit of research into the legislation which will start to be enforced from end of May regarding our use of Cookies (I'm sure a lot of you have been doing likewise! ;) )
Our strategy to this point will probably be -
1. To say more in our Privacy Policy about our use of Cookies etc which will then link to.....
2. An Audit of Cookies hosted on our servers by domain. (This has been generated by our Systems colleagues and is a log that is kept of Cookies as and when they are served up to a user) 3. Over time we will look to make a judgement on this Audited list as to the level of intrusion of individual Cookies - although there are lots and this is not an insubstantial amount of work!
I'd be keen to hear from others as to whether this is a similar approach, or indeed nothing like the approach that you are taking / planning to take.
I realise that there are other things that are being discussed such as getting prior consent before cookies are downloaded, but certainly initially we would not be in a position to have this in place.
Cheers
Graham
--
The Sunday Times Scottish University of the Year 2009/2010 The University of Stirling is a charity registered in Scotland, number SC 011159.
The University of Aberdeen is a charity registered in Scotland, No SC013683.
|