Поделиться через

Privacy Policies and Cobranding

  • Статья

Privacy Policies and Cobranding

Your site must have a posted privacy statement that conforms to industry standards and is easily accessible from the home page and other pages on which personal information is obtained. Additionally, if your site is implementing Microsoft® Kids Passport, you must have a privacy statement that explains your Kids Passport practices in detail, including the level(s) of consent your site supports. For more information on privacy statements, see License and Service Agreement.

To provide our customers with a clear, consistent message about their personal information when using the Microsoft® .NET Passport service, Microsoft requests that if your site uses the flexible-layout cobranding technique, you should do one of the following:

  • Link to the .NET Passport privacy statement as the only privacy statement displayed on any cobranded page.

  • Include the .NET Passport privacy statement language provided as the JavaScript variable strPrivacyStatement, to be written inline (using the document.write method) into your site's own privacy statement text.

One of these two approaches is necessary, because linking to more than one privacy statement from a given page may be misinterpreted. Users need to be able to access a single privacy statement that presents the policies of .NET Passport as well as any privacy statements specifically pertaining to your site.

For information about how to embed the standardized .NET Passport text into your privacy statement, see Flexible-Layout Cobranding Overview.

Note  Participating sites are able to suppress links to specific .NET Passport elements (Member Services, Terms of Use, Privacy Statement, Copyright, and Help) as long as certain conditions are met by the participating site. The default setting will be to show links to these elements. If a participating site requests that text or links not appear, the site is required to include that text or links on its own pages. For more information, see Cobranding and Suppressing .NET Passport Elements.

The variable strPrivacyStatement is defined in a file served by .NET Passport. To get the URL for this file, use the GetDomainAttribute method of the Passport Manager, requesting the "PrivacyText" attribute. The text contained in the variable does not have a heading or title. It is recommended that you display the .NET Passport text using the title, "Microsoft .NET Passport Service," styled as appropriate to the site.

Note   The .NET Passport privacy text (as used in the second alternative previously mentioned) is TRUSTe approved. For more information about TRUSTe, see the TRUSTe Web site .

Why Use the GetDomainAttribute Method?

Using the GetDomainAttribute method allows for the possibility that for some reason the network URL has changed, in which case the Component Configuration Document (CCD) mechanism provided by Passport Manager will have updated the CCD and this particular attribute. This method should be called with "Default" as a parameter, as shown in the following code fragment.

<%
set oMgr = Server.CreateObject("Passport.Manager") 'assumes not already created on page
dim privacyScriptURL
privacyScriptURL = oMgr.GetDomainAttribute("PrivacyText",,"Default")
...
%>

Using a Hard-Coded URL if Passport Manager Methods Are Not Available

Hard-coding the URL to the privacy text script is not recommended. However, if it is necessary to hard-code the URL instead of requesting it using GetDomainAttribute, the URL is as follows.

https://www.passport.net/privacy/privacytext.asp

Example

The following example determines the network-derived location of the file containing the .NET Passport privacy text, includes the file, and then writes the privacy text string inline into other text on the client side.

<%
set oMgr = Server.CreateObject("Passport.Manager") 'assumes not already created on page
dim privacyScriptURL
privacyScriptURL = oMgr.GetDomainAttribute("PrivacyText",,"Default")
%>
<H4>.NET Passport Privacy Statement Demo</H4>
<SCRIPT LANGUAGE="javascript" SRC="<%=privacyScriptURL%>"></SCRIPT>
<P>This is local text written before the privacy statement. Below is the privacy statement.</P>
<HR>
<H3>Microsoft .NET Passport Service</P>
<P><SCRIPT  LANGUAGE="javascript">document.write(strPrivacyStatement)</SCRIPT></P>
<HR>
<P>This is local text written after the privacy statement.</P>

This code is rendered as follows.

.NET Passport Privacy Statement Demo

This is local text written before the privacy statement. The following is the privacy statement.

Microsoft .NET Passport Service

This is local text written after the privacy statement.

Privacy Statements and Internationalization

Internationalized versions of the privacy statement can be obtained by specifying the lcid parameter when calling GetDomainAttribute. The lcid parameter should be the decimal representation of a locale ID (LCID). For a table of LCIDs, see Localization and .NET Passport Services.

For example, to request the file that contains the JavaScript variable string of the .NET Passport privacy statement in French, use the following code:

<%
set oMgr = Server.CreateObject("Passport.Manager") 'assumes not already created on page
dim privacyScriptURL
privacyScriptURL = oMgr.GetDomainAttribute("PrivacyText",1036,"Default")
%>

The variable that contains the actual privacy text is always named strPrivacyStatement, regardless of the locale.

As an alternative to the preceding code, you can use the URL derived for the English-language privacy text, and add an lc query string parameter to it. As the value of the lc query string parameter, supply the LCID code for the language you want. The following is an example of that technique.

https://www.passport.net/privacy/privacytext.asp?lc=1036

This will match the output of the GetDomainAttribute example.

Linking to the Static .NET Passport Privacy Statement

If your site chooses the first option described in the introduction, linking to the .NET Passport privacy statement as the only privacy statement on cobranded pages, you should also obtain this link using GetDomainAttribute. The attribute to query for in this case is "PrivacyPolicy". Again, this attribute should be obtained using the "Default" parameter. This is illustrated by the following example code:

<%
set oMgr = Server.CreateObject("Passport.Manager") 'assumes not already created on page
dim privacyPolicyURL
privacyPolicyURL = oMgr.GetDomainAttribute("PrivacyPolicy",,"Default")
%>
Click <A HREF="<%=privacyPolicyURL%>"> for privacy statement.

International versions can be obtained by passing the optional LCID parameter of GetDomainAttribute when requesting the URL. For example, to get the URL for the French .NET Passport privacy statement, use the following code.

<%
set oMgr = Server.CreateObject("Passport.Manager") 'assumes not already created on page
dim privacyPolicyURL
privacyPolicyURL = oMgr.GetDomainAttribute("PrivacyPolicy",1036,"Default") '1036 LCID for FR-FR
%>
Click <A HREF="<%=privacyPolicyURL%>"> for privacy statement.

See Also

Manager.GetDomainAttribute