Online Privacy Policy Assessment

The Online Privacy Policy Assessment is service designed to assess the adequacy and accuracy of the college and university websites privacy policies and online privacy practices.

Online Privacy Policy Assessment Service Description

Web Trackers on Arkansas State University Websites

The Online Privacy Policy Assessment Service mimics the assessment and analysis performed as part of online privacy Case Study: Arkansas State University Privacy Policy and Web Trackers presented on this blog. However, the scope of the assessment, the tools used, and the analysis may vary based on the applicable laws and the institution’s practices and website configuration.

The Online Privacy Policy Assessment includes two main activities. In simple terms the first activity is designed to determine if what your policy says you do is adequate and the second is to determine if what your policy says you do is in fact what you are doing.

Specifically, the assessment includes:

  1. An assessment of the institution’s website(s) privacy policy. If multiple and unique website privacy policies are in use, the Service will be limited to assessing the 3 policies identified by the customer. This activity examines the policy design to determine if the elements and descriptions of the privacy practices:
    1. Would be adequate and sufficient for a typical site user’s privacy concerns.
    2. Would likely support compliance with applicable laws identified by you the customer.
    3. Would be consistent with the institutional policy governance model and other institutional policies related to privacy.
  2. An assessment of online privacy practices. This activity is an operational assessment of the privacy practices through a direct examination of the institutional websites for compliance with the website(s) privacy policy. The examination:
    1. Is not an exhaustive review of every website or page operated or maintained by the institution. It will focus heavily on sensitive functional areas and those websites or pages identified by the customer.
    2. Use non-invasive tools designed to crawl websites and identify the presence of electronic ‘trackers’ based on predefined fingerprints of ‘trackers’ that collect and share user data such as analytics, cookies, web beacons, and social widgets.

Service Delivery

The Online Privacy Policy Assessment service is a fixed fee engagement delivered as a remote service. The assessment work generally begins within 24 hours upon receipt of payment.

The Online Privacy Policy Assessment activities will be ordinarily conclude within 5 days of receiving the Information Request responses detailed below leading into the analysis and report writing phase. A brief conference call may be scheduled for this time, or when needed, to validate any unusual findings or seek additional information that might be needed.

The Assessment Report, the Service Deliverable, will be delivered electronically within 10 days of receipt of payment.

Customer Responsibilities

A Request for Information is included within the payment receipt confirmation webpage and payment confirmation email. The customer is responsible to responding to this Information Request within 36 hours of payment.

The information requested is designed to focus and facilitate the assessment, confirm its scope and identify any specific areas of concern. The information request requires responding to the following questions via email to

  1. Provide the email address and telephone number of the contact.
  2. Identify the institution for the assessment.
  3. Identify web address (URL) of the institution’s primary website.
  4. Provide the URL of any secondary websites that use a different domain name.
  5. If multiple privacy policies are in use, identify the 3 to be covered in this assessment.
  6. Identify any departments or functions of specific interest or concern to be included.
  7. Identify the applicable privacy law(s), if any or if you know, for the assessment.
  8. Provide the URL to the organization’s policy directory if publicly accessible. If the policy directory is not publicly accessible, attach to the email any privacy related policies.

Service Deliverable

An Assessment Report will be produced and delivered electronically as a final draft within 10 calendar days of payment receipt. Working drafts or preliminary findings may be provided but the intent is to keep the assessment overhead activities to a minimum and focus on the assessment and analysis to contain the cost.

The Case Study: Arkansas State University Privacy Policy and Web Trackers is representative of the Assessment Report although it has been distilled down and reformatted for an online format.

The report will include an executive summary and a detailed description of the assessment activities, findings, and any recommendations. A supplemental file of images or other artifacts may also be provided if they are easily visualized in the report.

Service Limitations

College and university websites are known to contain thousands, even tens of thousands, of pages. An exhaustive analysis and assessment of every page and website is not feasible within the constraints of a fixed fee remote Online Privacy Policy Assessment Service model.

The tools used in conjunction with this Service are subject to change and are not always useful. Website administrators may restrict site access to crawlers and other non intrusive tools which crawl sites rather than scanning. Additionally, several college and university websites have complex architectures and sitemaps (read these sitemap examples) which can an inhibit an independent discovery.

The Online Privacy Policy Assessment and Assessment Report are not a substitute for professional legal or regulatory advice on complying with federal or state privacy laws.

Online Privacy Policy Assessment
This is a fixed fee remote service to conduct an assessment of an institutions website(s) privacy policy and online privacy practices. See product page for complete details.
Price: $1,500.00

1 Response to Online Privacy Policy Assessment

  1. Pingback: Case Study: Arkansas State University Privacy Policy and Web Trackers

Leave a Reply

Your email address will not be published.