New Zealand Government Web Standards

19.3 Client-side personally identifiable data storage

New standards released

The New Zealand Web Standards 2.0 were released in March 2009 and replace the previous version, the New Zealand Government Web Standards 1.0 (below).  See Meeting the standards for more information.

The Standard

19.3 No directly readable personal information is to be persisted on the device on which the user is hosting their browser (e.g. client machine such as a user’s personal computer).

Guide to this standard

'Directly readable personal information' refers to data that would be able to reveal identity of an individual (or individuals) solely via

A user name that is encrypted, or a reference 'handle' (i.e., a session ID) that links to more identifiable user details held server-side, are examples of data relating to personal details that do not reveal individual identity.

An example of information persisted on the device hosting a user's browser session is data stored in a client-side cookie when the user is running their browser on a personal computer.

If personal information is to be persisted within tracking data using only encryption, it is expected that the cryptographic module specification meets an acceptable level of security (refer to FIPS-140 as a guide). Refer also to the NZ Government Information Technology Security Manual NZSIT 400, chapter 9, which details approved cryptographic algorithms.

Note: As per recommendation 19.1.2, if it is necessary to maintain 'state', server-side session management should be used in preference to client-side session management.
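
The following sketch illustrates the guide above: personal details stay in a server-side session store, the cookie carries only an opaque handle, and a check reports any personal detail that is directly readable in a cookie. It is an added example, not part of the standard; the cookie name sid, the function names, the HttpOnly and Secure attributes and the sample data are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Constructed sample data, not taken from the standard.
SAMPLE_PROFILE = {"name": "Aroha Example", "email": "aroha@example.org"}
NON_COMPLIANT = "user=Aroha%20Example; email=aroha@example.org"

# Server-side store: opaque handle -> personal details.
_SESSIONS = {}


def create_session(profile):
    """Keep personal details server-side; return a Set-Cookie value holding only a handle."""
    handle = secrets.token_urlsafe(32)  # random, carries no personal information
    _SESSIONS[handle] = dict(profile)
    cookie = SimpleCookie()
    cookie["sid"] = handle
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True  # assumption: hide the handle from page scripts
    cookie["sid"]["secure"] = True    # assumption: send the handle over HTTPS only
    return cookie["sid"].OutputString()


def lookup(cookie_header):
    """Resolve the handle sent back by the browser to the server-side record."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("sid")
    return _SESSIONS.get(morsel.value) if morsel else None


def readable_personal_fields(cookie_header, profile):
    """Return the profile fields whose values appear directly readable in the cookie."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    # Percent-decoding is applied because an encoded value is still directly readable.
    stored = " ".join(unquote(m.value).lower() for m in cookie.values())
    return sorted(k for k, v in profile.items() if str(v).lower() in stored)


if __name__ == "__main__":
    header = create_session(SAMPLE_PROFILE)
    print(header)
    print(readable_personal_fields(header, SAMPLE_PROFILE))
    print(readable_personal_fields(NON_COMPLIANT, SAMPLE_PROFILE))
```
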

Rationale for this standard

It is important not to inadvertently compromise the privacy of personal identity. Storage of personally identifiable information, for example in a cookie, can be insecure and is open to attack from malicious web sites and software, or can be read by other users who share use of a client device.