Your website’s Privacy Policy: Draft carefully and always abide by it.

Sun, Jul 15, 2007

Almost every e-Commerce website collects personally identifiable information from its users. Personally identifiable information includes name, address, e-mail address, phone number, social security number, date of birth, age, gender, income, occupation, browsing patterns, etc. Many websites have a posted privacy policy explaining what information is collected from the users of the website and how the information is used.

Once a company posts a privacy policy on its website, it will be held legally liable for its failure to abide by the policy. For example, Geocities’ website contained the statement “we will never give your information to anyone without your permission.” However, when it appeared that Geocities sold and disclosed the information to others, the FTC accused Geocities of misrepresenting its reasons for collecting information from adults and children. The matter was eventually settled.

So with such a big risk, why should companies even post a privacy policy at all? After all, it is impossible to violate a privacy policy that does not exist. However, some jurisdictions require websites to have posted privacy policies.

For example, the California Online Privacy Protection Act requires websites to 1) identify the categories of information collected and with whom the information may be shared; 2) describe how to review and change the personally identifiable information; 3) explain how to find out about changes to the privacy policy; and 4) indicate the effective date of the privacy policy. Additionally, websites that collect information from children are subject to the requirements of the Children’s Online Privacy Protection Act (COPPA). The European Union also imposes privacy protection requirements for websites that operate in or have customers in the European Union.

Therefore, if your website obtains business from California residents, children, or the European Union, you must have a carefully drafted privacy policy and must abide by it.

Cyber lawyer Domingo J. Rivera is an attorney specializing in Internet law, handling cases throughout the United States.