Registration:Host: Difference between revisions

From Hackepedia
Jump to navigationJump to search
m Note to European "germans"
 
(4 intermediate revisions by one other user not shown)
Line 1: Line 1:
== Hosting a personal information registration process ==
== Hosting a personal information registration process ==


You've probably been sent this link because you're either the host of a registration process, or you have a desire to create one. Here are some easy steps in deciding if you should be hosting registration.
You've probably been sent this link because you're either the host of a registration process, or you have a desire to create one. Here are some easy steps in deciding if you should be hosting registration.


#What would happen if your users don't register? Do they have any reason to believe you need their personal information other then to sell it for your own personal needs?  
#Is user registration really required on your website? My users lie, so are you adding an unnecessary step?
#Are you providing a secure mechanism for them to register? This is most often no. Creating a form on an http webpage is one of the worst offenders. These sites are just screaming they have no idea about information security in the least. If you host a web based registration site, ensure it offers [[SSL]], in the least.
#Are you providing a secure mechanism for them to register? This is most often no. Creating a form on an http webpage is one of the worst offenders. These sites are just screaming they have no idea about information security in the least. If you host a web based registration site, ensure it offers [[SSL]], in the least.
#What happens when the user submits their registration? A challenge to the reader is to publicly provide your privacy policy regarding how you store their personal data, and what access control you have around their data.  
#What happens when the user submits their registration? A challenge to the reader is to publicly provide your privacy policy regarding how you store their personal data, and what access control you have around their data.  
#How long will that data be stored? Does the user have an easy process to remove their personal data from your server(s)?
#How long will that data be stored? Does the user have an easy process to remove their personal data from your server(s)?
#Can you answer all of the typical questions of a [[Registration:User]]?






 
[[Talk:Registration:Host|The Bad Registration Host page]]




Line 18: Line 18:
== External Reading ==
== External Reading ==


[http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp Canadian Privacy Act] Make sure you read this site if you will have any Canadian users. It is required that you publish a privacy policy that outlines what you will do with the personal information of your Canadian users.
[http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp PIPEDA] Make sure you read this site if you will have any Canadian users. It is required that you publish a privacy policy that outlines what you will do with the personal information of your Canadian users.
 
 
== Note to German repeat Offenders ==
 
It is imparative that you NEVER lie!  Leave your full name and
Address if you must so that the powers that be can shrug you off.

Latest revision as of 00:25, 29 March 2007

Hosting a personal information registration process

You've probably been sent this link because you're either the host of a registration process, or you have a desire to create one. Here are some easy steps in deciding if you should be hosting registration.

  1. Is user registration really required on your website? My users lie, so are you adding an unnecessary step?
  2. Are you providing a secure mechanism for them to register? This is most often no. Creating a form on an http webpage is one of the worst offenders. These sites are just screaming they have no idea about information security in the least. If you host a web based registration site, ensure it offers SSL, in the least.
  3. What happens when the user submits their registration? A challenge to the reader is to publicly provide your privacy policy regarding how you store their personal data, and what access control you have around their data.
  4. How long will that data be stored? Does the user have an easy process to remove their personal data from your server(s)?
  5. Can you answer all of the typical questions of a Registration:User?


The Bad Registration Host page



External Reading

PIPEDA Make sure you read this site if you will have any Canadian users. It is required that you publish a privacy policy that outlines what you will do with the personal information of your Canadian users.


Note to German repeat Offenders

It is imparative that you NEVER lie! Leave your full name and Address if you must so that the powers that be can shrug you off.