2.0 Web Bugs (Web Beacons)
Do not use Web Bugs on pages dealing with political, medical, financial, religion-related or race-related issues. Since the purpose of this device is to collect information about the browsing habits of users, and the information is transmitted to third parties, the web site may unintentionally be giving the third party very sensitive personal information about users. Third party collectors of web-bug information have access to information about the page visited including the page topic. In addition, web site owners should realize that a lot of users are suspicious of web bugs and may not use the site or may not return.

2.1 Third Party Links
Hypertext links to third parties can allow data to be transmitted when information is sent in the query string. The query string can be structured to send personal information such as an email address or sensitive information about the user. The reason this can occur is because of the "Referrer" property of the HTTP protocol that tells the destination site the exact URL of the originating page including any information contained in the hyperlink.

2.2 Images and Other Objects
If your web page loads images, applets or other embedded objects from third party sites, remember that this causes the URL to be sent to the site every time a user views that page (see Web Logs). In addition, cookies that have been initiated by the third party site are also sent by the browser (third party cookies). When third parties use these cookies, it is often possible for them to uniquely identify the user through other information they have collected. In these cases, they will be able to analyze clickstream information and determine the personal interests and habits of the user. The web site owner must ensure that information in the URL (query string) for these pages do not reveal personal information.

2.3 Age and Birth Date
If you ask for demographic information such as age, birth date or other information that makes it possible to identify if the user is under age 13, you must comply with COPPA. Once you determine that the user is a child, you cannot collect other personal information without receiving explicit parental consent.

2.4 Declaring Cookies
If you are using cookies, always declare it in the privacy policy. Many servers could deliver cookies to a web site even if the web site designer does not think he/she is using them. One example of this is the session cookie implemented by Miscrosoft's IIS.

2.5 Data Spillage
Using the 'GET' method on forms can cause data to be spilled unknowingly. When you use the GET method, everything in the form is embedded in the URL sent to the result page (by the query string). For example, if a form with a GET method asks for a phone number the resulting URL could look like 'www.example.com/cgi-bin/registration.pl?phone=888-800-8008'. If the result page has third party links, images, or embedded third party objects, they will also receive the personal information.

2.6 Limiting Cookie Scope
When you need to use cookies, use the PATH parameter to limit the pages the cookie will apply to. This will allow constructing a privacy policy that can deliver the cookie policy to only the pages that the cookie is applicable to. If an identifying cookie is delivered to pages having forms that collect personal information then the web log will collect the data allowing a connection to be made between the two. This information can be used by anyone having access to the server logs.