Specifically, the assessment includes:
- Would be adequate and sufficient for a typical site user’s privacy concerns.
- Would likely support compliance with applicable laws identified by you the customer.
- Would be consistent with the institutional policy governance model and other institutional policies related to privacy.
- Is not an exhaustive review of every website or page operated or maintained by the institution. It will focus heavily on sensitive functional areas and those websites or pages identified by the customer.
- Use non-invasive tools designed to crawl websites and identify the presence of electronic ‘trackers’ based on predefined fingerprints of ‘trackers’ that collect and share user data such as analytics, cookies, web beacons, and social widgets.
The Assessment Report, the Service Deliverable, will be delivered electronically within 10 days of receipt of payment.
A Request for Information is included within the payment receipt confirmation webpage and payment confirmation email. The customer is responsible to responding to this Information Request within 36 hours of payment.
The information requested is designed to focus and facilitate the assessment, confirm its scope and identify any specific areas of concern. The information request requires responding to the following questions via email to firstname.lastname@example.org:
- Provide the email address and telephone number of the contact.
- Identify the institution for the assessment.
- Identify web address (URL) of the institution’s primary website.
- Provide the URL of any secondary websites that use a different domain name.
- If multiple privacy policies are in use, identify the 3 to be covered in this assessment.
- Identify any departments or functions of specific interest or concern to be included.
- Identify the applicable privacy law(s), if any or if you know, for the assessment.
- Provide the URL to the organization’s policy directory if publicly accessible. If the policy directory is not publicly accessible, attach to the email any privacy related policies.
An Assessment Report will be produced and delivered electronically as a final draft within 10 calendar days of payment receipt. Working drafts or preliminary findings may be provided but the intent is to keep the assessment overhead activities to a minimum and focus on the assessment and analysis to contain the cost.
The report will include an executive summary and a detailed description of the assessment activities, findings, and any recommendations. A supplemental file of images or other artifacts may also be provided if they are easily visualized in the report.
The tools used in conjunction with this Service are subject to change and are not always useful. Website administrators may restrict site access to crawlers and other non intrusive tools which crawl sites rather than scanning. Additionally, several college and university websites have complex architectures and sitemaps (read these sitemap examples) which can an inhibit an independent discovery.