How to Develop a Web Site Privacy Policy
posted by WEBSITES.COM // January 25, 2010 // Build Your Website
If you are aware of the laws governing Internet privacy, you know how important it is to develop a privacy policy for your website. A privacy policy is a legal document that explains to consumers how your business will collect, use, and keep secure any information you obtain about them.
The following is a summary of the FTC’s recommendations for a privacy policy:
- Notify consumers about your Web site’s information collection policies.
- Allow consumers to choose how your business uses any information you collect which personally identifies them.
- Give consumers a mechanism for reviewing the information you collect about them.
- Ensure the security of all consumer information that your business collects.
Your website privacy policy should include all the sections cited below.
What Information Is Collected and How
Your privacy policy should clearly state what consumer information you collect from anyone who visits your website (or communicates with your business in any other manner). There are two broad types of consumer information. Personally identifiable information (PII) is the most sensitive because it can be used to identify an individual. PII includes a person’s legal name, e-mail address, physical mailing address, social security number, phone number, medical records, and bank account numbers or other financial data. Consumers feel most secure when the only PII you collect is information they provide to you directly, such as by filling out a form on your website.
Non-PII is anonymous information that cannot be used to identify an individual. Non-PII is often used to track how visitors navigate your website, which pages were viewed most often, what other websites they have visited, and similar data.
You should also identify the technologies and methods your business uses to collect consumer information. Disclosing your methods accomplishes two things: it increases customers’ trust and confidence in your business, and it helps technically savvy customers opt out of data collection. For non-technical customers, however, you should explain how they can opt out of providing both PII and non-PII.
How Collected Information Is Used
In this section of your website privacy policy, you tell consumers exactly how you will and will not use the information you collect. Use this as an opportunity to sell them on your website’s features and services. For instance, maybe you use cookies to track what articles they read so that you can suggest related articles.
Because email spam is such a problem, the first question consumers usually have for a business is, “Will you give my email address to anyone else?” Customers are usually most comfortable when their email addresses are only used by the business they directly give them to. However, there are many situations where businesses can benefit from sharing their customers’ email addresses. Whether you plan to share customers’ information or not, it is vital that your privacy policy accurately describes your business practices and, in the process, reassures customers so they will continue to provide the information you need to successfully run your business.
How Consumers Can Opt-Out
Generally speaking, PII should only be collected with the consumer’s consent. Non-PII can be collected without the consumer’s consent, but your privacy policy should clearly explain how the consumer can opt out of your data collection process. The actual steps for opting out depend on the type of information you collect and the technologies you use to do it.
If you allow third-party advertising companies (such as 24/7 Real Media or DoubleClick) to run advertisements on your site, you should tell consumers how to opt out of these companies’ information collection process as well. However, you do not have to provide the exact instructions; simply point customers to the appropriate page on the third-party’s website. Alternatively, if the third-party advertiser is a member of the Network Advertising Initiative (NAI), point your customer to the NAI opt-out page at www.networkadvertising.org/optout_nonppii.asp.
How Collected Information Is Kept Secure
Privacy and security are two separate issues. The security section of your privacy policy should describe how you ensure that all consumer information is protected from theft. If you share consumer information with business partners, what steps do you take to ensure they keep the information secure? Make sure you include this information in your website privacy policy.
With Whom You Share Collected Information
It is not necessary that you list every single company, business partner, or entity that you might share collected information with. You should, however, mention types of entities you will share information with; for instance, business partners, credit card companies, and government agencies. For each type of entity, list the type of collected information you would share and under what circumstances.
Getting More Information
There are several organizations that can assist your business by recommending privacy policies and security technologies, reviewing your privacy practices, and providing endorsements. One of the most respected is TRUSTe (www.truste.org), an independent, non-profit organization established to safeguard Internet privacy and security.
Look at your competitors’ privacy policies and consider them from a customer’s perspective. Make sure that your policy does at least as good a job of informing and reassuring potential customers. Two excellent examples of a privacy policy can be found at www.ftc.gov/ftc/privacy.htm and www.amazon.com.
If you have questions about advertising and privacy laws, or how they are interpreted and applied to business, it's best to consult a lawyer.
Author
Websites.com
Article Source: Verio

