- What information is being collected? Is the information personally identifiable?
- Why is it necessary to collect this information? Is the data collection appropriate to the activity or transaction? If not, why does the site need it?
- How is the data being collected? Does the site set cookies? Does the site maintain Web logs?
- How is personal information used once it is collected? Is it ever used for purposes other than those for which a visitor has provided it? (If so, the visitor should be informed of the use.) Has the visitor consented to it? Does the visitor have the option to prohibit such secondary use? Can a visitor prohibit it and still enjoy the site?
- Does the site offer different kinds of service depending on user privacy preferences? Does a user have a choice regarding the type and quantity of personal information that the site collects? Does the site disadvantage users who exercise data collection choices?
- Can users access information that has been collected about them? Are users able to correct inaccurate data?
- How long is personal information stored? Is it kept any longer than necessary for the task at hand?
- What is the complaint and redress process? Whom can users contact?
- What laws govern the collection? Is it a federal government site regulated by the Privacy Act?
- Is the entity collecting information regulated by another privacy law?
- When reviewing the policy, be careful to distinguish information about information collection and privacy from language included to market to you or to encourage you to reveal information.