Importance of Website Privacy Policies
Privacy policies, you know you have seen them, but do you have one for your website?
A business should maintain a privacy notice if it any one of the following:
• Collects personal information or information that is or reasonably can be associated with a particular customer, computer, or mobile device.
• Engages in online behavioral advertising.
• Is a member of the Network Advertising Initiative.
• Operates in any of the following industries:
o businesses directed towards children;
o businesses collecting information from minors under 13 years of age; or
o other regulated industries
Even if the business does not collect, use, disclose, or share personal information and is not required by law or industry standards to maintain a privacy notice, many businesses find having a privacy notice is still valuable! Below are a couple of benefits beyond only complying with the laws. — I like to say the laws should be the benchmark not the goal.
• Marketing benefits, to reassure consumers that their information is appropriately collected, transferred to third parties, or otherwise used.
• Avoiding regulatory oversight or unwanted attention by the FTC and other state and federal agencies.
• Notice. The policy should clearly inform visitors about the types of personal information collected and describe in detail how it is collected, used, and shared.
• Choice and consent. The policy should provide visitors with choices regarding how their personal information is used or disclosed and may need to obtain consent if it is used for purposes unrelated to the business’s interaction with the visitor.
• Access. The policy should describe how users can access, correct, and remove any personal information collected by the site.
• Security. The policy should describe the steps taken by the site operator to protect personal information.
Potential Legal Issues
• Federal Trade Commission Act, regulating unfair or deceptive business practices and providing guidance on consumer privacy disclosures.
• Children’s Online Privacy Protection Act, regulating the online privacy of children under 13.
• Gramm-Leach-Bliley Act, regulating personal information held by financial institutions.
• State privacy laws, particularly for business serving customers in California
If You Have Customers in California, Nevada, or Colorado
California has been a leader in protecting the privacy of its residents, including when accessing and using websites. Websites that collect, sell, share, or use information about residents in one of these states must ensure their notices address these states’ unique requirements.