As technology continues to grow, fears about privacy grow with it. As the threats against personal privacy become more apparent, many people become hesitant to share their information for fear that it will be shared with or sold to third parties. And although privacy is becoming a popular topic in the news, many users and website owners do not fully understand what type of information should be covered or discussed in a website privacy policy.
Companies that conduct business online often gather information from their customers. This is true whether you are simply interacting with consumers via an email form or conducting sales through your website. Often the information gathered is sensitive and can include names, addresses, telephone numbers and credit card information.
As a result, businesses are charged with two mandates. First, businesses should always take steps to protect their customers’ confidential information. Second, businesses should inform their customers how they plan to use the customer information they collect – this is the role of the privacy policy.
What is a Privacy Policy?
A privacy policy is a statement that discloses the ways a party gathers, uses, and manages its users’ information. If you collect any personal information on your website, such as anything that can be used to identify an individual, chances are you are required to have a privacy policy for your website.
Laws Relating to Privacy Policies
There are specific federal laws to protect consumer privacy. They may not all apply to your business, but it is important to know what they require.
- Gramm-Leach-Bliley Act: The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a law designed to control the ways that financial institutions deal with the private information of individuals. The GLBA applies to companies that deal with financial products, loans, financial services, and advice. The GLBA has three sections: first, the Financial Privacy Rule, which regulates the collection of financial information; second, the Safeguards Rule, which states that financial institutions need to have security programs to protect customer information; and third, the Pretexting provisions, which prohibit accessing private information using false pretenses.
- Federal Trade Commission Act: Under this act businesses are required to comply with their stated privacy policies. You cannot say one thing in the privacy policy and then do another.
- Safe Web Act: This act provides tools to improve enforcement regarding spam, spyware, misleading advertising, and privacy.
- Health Insurance Portability and Accountability Act: Also known as HIPAA, this act is designed to protect private health information. It states that health care companies must be clear about when they will and will not share information with other parties.
Why Do I Need A Privacy Policy?
When a website collects information from its visitors, having a privacy policy in place is generally highly recommended. Besides giving your users a transparent notice, which allows you to build trust with your viewership, a privacy policy will allow you to fulfill various federal regulations that require you to identify how you collect and use your visitors’ personal information.
What is User Information?
To put it in the simplest of terms, whenever a website visitor provides you any information, it counts as user information that would require you to have a privacy policy. The threshold for what counts as user information is actually very low. For example, if you are a blogger and have people commenting on your blog posts, this counts as user information that would likely require you to have a privacy policy.
What to Include in a Website Privacy Policy
Your privacy policy should first inform your users about the purpose of your business or blog. The policy should also outline how your blog or website works. Next, it should clearly state what type of information is collected from users, including their social media comments, address, purchases or subscriptions, and IP address. Readers should also understand how their information is collected and stored. Is the user-generated data stored on a cloud, overseas or on secured servers? Also, if you do share your users’ information, you can discuss how and with whom it is shared in the privacy policy. After all, they have a right to know who will have access to their information.
Legalese vs. Plain English
Your privacy policy should be a clear and concise written statement about how you will use and protect your customers’ information. Your privacy policy should be written in a way that shows what user information is collected and protected or how it will be used and stored in the future.
If at all possible, you should seek to avoid legalese in your privacy policy; as the primary purpose of the privacy policy is to inform your website users, having a document that is easy to read you are not Hiring an attorney is the quickest and easiest way to write a privacy policy that suits your specific business. Privacy policies should also be uncomplicated and easy for the user to understand.
Conclusion
It makes smart business sense to implement a privacy policy for your company. To be sure that you are creating an adequate policy in compliance with the various state and federal laws you should consult a lawyer as your privacy policy should be specifically tailored to your business. At Cordero Law, we are here to help answer any questions you have about business law and can help you create a privacy policy. Contact us for more information.
—
Julian Cordero is an Attorney, Music Producer, and Entrepreneur. Oh and he blogs too! Julian is licensed to practice law in New York and is the Managing Member of Cordero Law LLC, a New York City-based law firm focusing on Business Law, Entertainment Law, and Intellectual Property.