Up until about 10 years ago, the rules governing companies providing access to customer information were at best a gray area. Just within the last year, Americans have witnessed the infiltration of hackers into banks, credit card companies and government agencies. Rightfully so, people are becoming increasingly more cautious about providing access to their personal information. This new level of scrutiny has come on the heels of too many companies misusing or failing to protect information accumulated through the company’s website. Furthermore, consumers are becoming increasingly more leery of the ability of technology to prevent violation of their privacy.

What is an Internet Privacy Policy?

A privacy policy is a published statement posted somewhere on a company’s website. The purpose of a privacy policy is to make the appropriate legal disclosures about how the company views its responsibility related to protecting the privacy of users/visitors and how they intend to collect, use and store any data they request. The policy should also provide contact information to be used should any person feel the company is responsible for any possible infringements on the person’s privacy.  It’s important to note that your privacy policy is not the same thing as your terms of service. Terms of Service set out the rules that users must follow when using a website or app. You can read more details about Terms of Service in an upcoming blog post.

What Should a Privacy Policy Include?

There are five sections on a standard privacy policy disclosure. Each section should be written in a manner that is easy to read and understand. These sections include:

• Introduction – This section might include a little information about the company, the reasons for collecting data and any special restrictions on the data collected.
• Information Collected – This section should be used to tell people exactly what information your website is collecting. Other than host names and IP addresses, customers will most likely be aware of what’s being collected since they are filling out forms or answering questions. That said, the policy still needs to state what information is being collected.
• Method of Collecting Information – This section specifies which forms and queries are being used to collect information.
• Information Storage – This section should be used to detail how and where information is being stored as well as how the information is being protected. Also, this would be the place to disclose whether or not you intend to share the information as well as with whom and why.
• Contact Information – In this section, you want to indicate the company want to be transparent by offering an email address, physical address and phone number for people to use should the have questions or problems.

Does Your Website Have a Privacy Policy?

In the past, whether or not a website had a privacy policy was irrelevant to most users. There was always a willingness from consumers to provide personal and banking information without considering the ramifications. Given the aforementioned events of the past, that level of trust has been replaced with more users making requisite inquiries into a website’s privacy policy. If the customer is going to provide personal information, they want to know exactly how that information is going to be used, stored and protected. As a business owner, you should be aware of how your website uses customer information. You should also be aware of storage issues and what types of software are being used to keep your website and software safe. The question mentioned above is basically questioning your level of awareness about your website. If your website doesn’t have a posted privacy policy, you would be well-served to consider providing one. If it has one but you’re not sure where to find it, you should consult with whomever built your website.

What a Privacy Policy Looks Like

It’s very important to take the safeguarding of your customer’s information seriously, and it’s imperative that you understand all of the in’s and out’s of your privacy policy and what is required of you or your company. While you can use other company’s privacy policies as a point of reference, it’s generally not advisable to copy them and use them as your own because legally, companies get fined by the FTC more for violating their privacy policy, not for failing to have one. Make sure your privacy policy reflects your business practices and that you’re not applying generic, inapplicable terms that don’t add any value to your site or protecting you from liability.

To use as a point of reference, the team over at Automatic made their privacy policy for WordPress available under the Creative Commons: http://automattic.com/privacy/

Knowing The Law

Make sure to familiarize yourself with information provided by various US federal and individual state regulations and policies including (but not limited to): COPPA, FERPA, HIPPA, and others.

California Business and Professional Code

COPPA – Children’s Online Privacy Protection Act

FTC – Marketing Your Mobile App: Get It Right from the Start

FERPA – Family Educational Rights and Privacy Act

HIPPA – The Health Insurance Portability and Accountability Act

Should Your Website Have a Privacy Policy?

In this day and age, the short answer is yes, your website should most definitely have a published privacy policy. After all, users have an absolute right to know what happens with any information they are asked to provide. Based on recent trends, users have even developed the expectation your website will provide a privacy policy or they will go elsewhere. This has led to more users taking the time to locate and read each website’s policy. Why is it so important? To begin, you have a legal obligation to protect the privacy of your users and you should publish the policy to eliminate questions. Beyond the legalities, you want to use your privacy policy as a means for building trust and showing your users that you operate with complete transparency. When they get a sense you care about their well-being, they end up feeling more secure about transacting business through your website.