I’m sure you’ve noticed that most websites include links to their “Privacy Policies” near the bottom on their home pages. You might have even tried to read through one of these Privacy Policies and understand what their purpose. If you have, chances are there was so much legalese that it was hard to figure out what it meant, and why it was there.
Let’s walk through what privacy policies are, and how to prepare one that’s best suited for your web-based business.
What are Privacy Policies?
1. Identify the types of personal information your website collects about its visitors. You might collect the email address of each visitor who posts message to your website bulletin boards or chat areas, or who contact you through a web form or email. You might also collect consumer preference information from website surveys or other pages, and there might be additional information that users volunteer or give while on your website. You should identify each of these types of information.
It’s also good practice to describe the types of information that your website servers automatically log about each visitor, which might include the IP address of the computer the customer is using. You should also state whether your website sets “cookies” on the computer of a visitor, and if so, what information is stored in the cookie and what that information is used for.
3. Describe how a website user can review and make changes to their personal information, if that’s an option available to them. For example, if your website has an e-commerce component and you permit customers to store their shipping or billing information on your website, then you should state how the customer can access that information if he or she wants to review or change it.
Pennsylvania and Nebraska both have laws which prohibit website operators from knowingly make a false or misleading statement in their privacy policies about the use of personal information collected from their users.
Should you care about these state laws if you don’t live in one of these three states? The answer, again, is – probably. If your business targets users across the country (or, more accurately, doesn’t target users in any particular locale), then your website will likely be held to the legal requirements of each and every state. This will be the case if you are in the business of selling informational products like e-books, provide consulting services to clients anywhere in the U.S., or the like.
What do I do next?