• New Zealand Government Web Standards 2.0

• New Zealand Government Web Standards 1.0
  • » 1. Images
  • » 2. Colour
  • » 3. Site Markup
  • » 4. Special Purpose Documents
  • » 5. Writing Content
  • » 6. Site Content
  • » 7. Page Layout
  • » 8. Navigation
  • » 9. Style Sheets
  • » 10. Dynamic Content
  • » 11. Tables
  • » 12. Frames
  • » 13. Scripting and Applets
  • » 14. Page Refreshing
  • » 15. Site Behaviour
  • » 16. Site Layout
  • » 17. Archiving
  • » 18. Quality Assurance
  • » 19. Data Tracking
    • 19.1 Data tracking able to be disabled
    • 19.2 Rules governing storage of tracking data
    • 19.3 Client-side personally identifiable data storage
    • 19.4 Encryption of personal information in tracking data
    • Recommendation 19.1.1 Scope of collecting tracking data
    • Recommendation 19.1.2 Server side session state
  • » 20. Authentication
  • » 21. Security
  • » 22. Online Forms
  • » 23. Tendering and Contracting
  • » 30. Site Delivery
  • » 31. Operational
  • » 32. Web Strategy

19.2 Rules governing storage of tracking data

The Standard

19.2 If tracking data is being recorded (e.g., such as that held in a temporary client-side cookie), then the agency must place on the site a disclaimer stating (as a minimum):

1. That tracking data is being recorded,
2. What processes are being utilised to collect the data
3. How the data will be stored
4. The benefits to the user community of the web site resulting from the collection of such data.
5. How a user can prevent this data from being collected
6. The impact (if any) on the experience the user may have with the web site, if the user chooses to disable the tracking data.

Guide to this standard

This standard is in the context of the definition of Tracking Data in the Glossary of Key Concepts.

Processes utilised to collect the data can be described by an easily understood statement (minimising technical jargon) of how your agency is initiating and establishing the data-recording process for the web site.

For example:

"A script to run in your browser, which creates a file on your computer (referred to in technical circles as a "cookie") that contains a randomly generated ID. The ID is used to track which pages on our web site you have visited and also assists identifying you when returning to our web site. The file on your computer does not identify you by any personal information. No data in this file can be used to identify you in our agency should this file be compromised by a third party."

Also include any details associated with the specific reasoning for the recording of such data. For example, utilising a third-party organisation who provide analytical information to your agency via collection of tracking data on your agency’s behalf;

"Information is recorded about the pages you view, and basic information about your computer, such as the type of browser you are using, your screen resolution and your computer's internet address (IP address). This information is shared with Acme-analytics, a company that our agency has employed to provide web site traffic analysis processes for us."

How the data will be stored can be described by an easily understood statement, minimising technical jargon. For example, in the case of data being recorded for traffic analysis purposes:

"The aggregate data collected is stored in a database managed by Acme-analytics on behalf of our agency (include your agency name). Only authorised staffs within our agency have access to the reports created by the analysis software. Acme-analytics operates and is bound to a strict privacy policy, which they have signed with our agency."

Rationale for this standard

Because of the requirement to be able to disable the continued recording of tracking data, a site should not have its functionality dependent on this data. Information about the recording of tracking data and user choices supports the government value of transparency.