After referencing cookies in both the general Web site Privacy Notice and in each specific Privacy Notice Statement that appears at each location where your site asks for personal information, consider publishing a "Frequently Asked Questions" (FAQ) section.
You can link to this section from both the Privacy Notice and each Privacy Notice Statement to help educate your visitors about cookies in general and address any concerns they may have about the use of cookies on your site.
Here is a generic FAQ you can use as is or modify to suit your particular circumstances for public posting. It's a good idea to read the FAQ yourself since it contains some additional information not covered in the introduction of the Guidelines.
What is in a Cookie?
A cookie is a computer text file sent to a visitor's Web browser (the software used to access the Internet such as Internet Explorer and Netscape) by a Web server (the computer that hosts the Web site) in order to remember certain pieces of information. This can be a convenience for both Web site visitors and operators because it can be used to reduce the amount of time to input and process the same information each time a Web site is used.
Information stored within a cookie can be read only by the Web server that originally sent the cookie, not by other Web servers.
Typically, a cookie comprises:
Are there different kinds of cookies?
There are two types of cookies.
Session Cookies: These cookies reside on the Web browser and have no expiry date. They expire as soon as the visitor closes the Web browser. Session cookies remember information only for as long as the visitor operates the Web browser in a single "session" (or "sitting"). Session cookies can be used by Web site operators to determine information such as what parts of a Web site are popular, how long people stay on certain sections of a Web site and what browsers people are using.
Persistent Cookies: These cookies have an expiry date, are stored on a visitor's hard drive and are read by the visitor's browser each time the visitor visits the Web site that sent the cookie. It is possible for the Web site that created the cookie to extend the expiry date without notice to the visitor. Persistent cookies remain on the hard drive until the set date has passed or until the visitor has deleted the file. However, most people do not know how to delete cookies. In addition, the prolonged existence of persistent cookies means they can be used to follow Web browsing behavior and purchasing habits. In some cases, they can also be used to identify a Web visitor when the persistent cookie data is combined with information from other sources such as databases (for example, matching an IP address with a person's name).
Do Government of Canada Web sites use cookies?
Many Government of Canada Web sites use session cookies. In rare cases, persistent cookies are used.
In all cases, you are informed about the presence of session and persistent cookies and how they are used.
Your privacy is also safeguarded under Canada's Privacy Act.
How will you know when a Government of Canada Web site is using cookies?
It is the policy of the Government of Canada to inform you when cookies are being used on a Government of Canada Web site. You will find this information by clicking on the Important Notices link at the bottom of Government of Canada Web pages and linking to the "Privacy Notice."
In addition, each time a persistent cookie is used, you will be informed before providing any information stored by that cookie. These are called "Privacy Notice Statements" and they appear at every part of the Web site where personal information is requested.
What are you entitled to know about cookies on Government of Canada Web sites?
You are entitled to know what information is gathered by applications and what is stored in cookies, for what purposes, how the information is stored and where, how you can gain access to your personal information and who to contact if you have any questions.
You are also entitled to public information and services without having to use cookies.
How can I turn cookies on or off?
If the features on this site using cookies do not work on your Web browser, your browser may have the cookie feature turned off. Depending upon the browser you are using, it can be set to accept a range of options from not accepting any cookie to accepting only session cookies, to allowing all cookies.
Some browsers can also be configured to alert you before a cookie is to be placed on your machine and ask if you wish to accept the cookie or not.
To determine how you can enable or disable cookies and activate any special alerts, click on the "Help" option in your Web browser toolbar and search the help index using the word "cookies."
There are also inexpensive software programs available on the market that can help you manage your cookies and enable you to easily turn them on or off and to delete them. These features are often part of programs designed to allow easy and safe deletion of applications and files on your computer.
Why are cookies used?
Cookies are commonly used for the convenience of site visitors. They can be used to customize Web pages and to save visitors the time of re-typing information. Cookies are also employed to remember what a visitor communicated on one Web page so that subsequent pages can provide data consistent with earlier patterns.
Cookies are also used by Web site owners and operators to gather data and to connect a visitor to a range of Web site features.
Cookies can record the browsing habits of visitors to determine what pages, ads and messages are garnering the greatest response and then adjust rates of exposure accordingly.
Can cookies read information from a visitor's hard drive?
No. Cookies can only store data that is provided by the server or generated by an explicit action by a visitor.
Can cookies be used to gather sensitive information?
Cookies cannot be used to gather sensitive information such as the fields in a browser preference file. They can be used to store any information that the server or application provides, or that the visitor volunteers (for example, by filling out an HTML form) and that the Web site places in the cookie. In this case, however, the same information can just as easily (and with potentially more objectionable privacy concerns) be stored on the server by using a simple server-side application that stores visitor information in a database. Cookies are passive data structures that are delivered to the visitor, stored on the visitor's hard drive, and returned in certain situations to the same server that provided the information in the first place.
Where are cookies stored?
Persistent cookie data is stored on the visitor's hard drive (although during actual communication it is stored in memory). The file name is different for each platform. For example, on Windows machines, cookie data is stored in a file called "Cookies" typically in the "Windows" directory. Session cookies are held only in memory.
How long do cookies last?
A Web site may set an expiration date for a cookie it delivers and extend it later without notice to the visitor. If no expiration date is specified, the cookie is deleted when the visitor quits the browser. However, because of typically poor configuration, cookies often default to 30 years as an expiration date.
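A site operator can check which of its cookies are session cookies and which are persistent, and how long the persistent ones last, by inspecting the Set-Cookie headers the site sends. The following Python sketch is an added example, not part of the original Guidelines; the sample headers, the one-year review threshold and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values (not taken from any real site).
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; HttpOnly",
    "prefs=lang-en; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/",
    "track=u42; Max-Age=946080000; Path=/",  # 30 years, in seconds
]
LONG_LIVED = timedelta(days=365)  # assumed review threshold, not from the page


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def lifetime_of(attrs, now):
    """Return the remaining lifetime, or None when no usable expiry is set."""
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            return timedelta(seconds=int(attrs["max-age"]))
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) - now
    except (TypeError, ValueError):
        pass  # simplification: an unparsable lifetime is treated as session-only
    return None


def classify(header, now):
    """Return (name, kind, lifetime) for one Set-Cookie value."""
    name, _, attrs = parse_set_cookie(header)
    lifetime = lifetime_of(attrs, now)
    if lifetime is None:
        return name, "session", None  # deleted when the browser closes
    if lifetime <= timedelta(0):
        return name, "expired", lifetime  # server is deleting the cookie
    kind = "persistent-long" if lifetime > LONG_LIVED else "persistent"
    return name, kind, lifetime


def audit(headers, now):
    """Classify every header; persistent entries need a Privacy Notice Statement."""
    return [classify(h, now) for h in headers]
```

Any cookie reported as persistent is one that the Privacy Notice Statements should describe, and a "persistent-long" result usually points to an expiry date that was never deliberately chosen.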
Are cookies a security risk?
Cookies by nature are a security risk because you are allowing a web site to store information on your computer. However, cookies are structured so that sites cannot store a cookie that contains a virus or something to that effect.
Can a cookie do any damage to your computer?
No, it's just a small text file. It can't carry a virus or interfere with any of the other files on your computer.
What products support cookies?
All common browsers now support cookies.