This section deals with user privacy. Systems that deal with private user information such as social security numbers, addresses, telephone numbers, medical records or account details typically need to take additional steps to ensure the users' privacy is maintained. In some countries and under certain circumstances there may be legal or regulatory requirements to protect users' privacy.
All systems should clearly and prominently warn users of the dangers of using shared PCs such as those found in Internet cafes or libraries. The warning should include appropriate education about:
the possibility of pages being retained in the browser cache
a recommendation to log out and close the browser to kill session cookies
the fact that temp files may still remain
the fact that proxy servers and other LAN users may be able to intercept traffic
Sites should not be designed with the assumption that any part of a client is secure, and should not make assumptions about the client's integrity.
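The warning list above also maps to settings the server controls. The following added example (not part of the original guide) audits a sensitive page's response headers for three of the listed risks: cache retention, cookies that survive closing the browser, and cookies that can travel unencrypted. The header values are constructed samples, and any cookie carrying `Expires` or `Max-Age` is treated as persistent, including a deletion cookie.

```python
# Added example: audit response headers of a sensitive page against the
# shared-PC risks in the warning list. All header values are constructed.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, attributes keyed in lowercase)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    cache = [v.lower() for k, v in headers if k.lower() == "cache-control"]
    directives = {d.strip() for v in cache for d in v.split(",")}
    if "no-store" not in directives:
        findings.append("page may be retained in the browser cache")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        # No Expires/Max-Age means a session cookie, dropped on browser close.
        if "expires" in attrs or "max-age" in attrs:
            findings.append(f"cookie {name} persists after the browser closes")
        # Without Secure the cookie may be sent over plain HTTP.
        if "secure" not in attrs:
            findings.append(f"cookie {name} can be sent unencrypted")
    return findings


SAMPLE_WEAK = [  # constructed
    ("Cache-Control", "private, max-age=600"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Max-Age=2592000"),
]
SAMPLE_HARDENED = [  # constructed
    ("Cache-Control", "no-store"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_response(sample))
```

These headers reduce what a shared PC retains, but they do not remove the need for the user warning, since the client remains outside the site's control.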