Your website’s Privacy Policy: Draft carefully and always abide by it.

Posted by Cyber Lawyer at 7/15/2007 5:43 PM
Categories: Internet Law,Privacy Policy,Cyber Law

Almost every e-Commerce website collects personal identifiable information from its users.  Personal identifiable information includes name, address, e-mail address, phone number, social security number, date of birth, age, gender, income, occupation, browsing patterns, etc.  Many websites have a posted privacy policy explaining what information is collected from the users of the website and how the information is used. 

Once a company posts a privacy policy on its website, it will be held legally liable for its failure to abide by the policy.  For example, Geocities’ website contained the statement “we will never give your information to anyone without your permission.” However, when it appeared that Geocities sold and disclosed the information to others, the FTC accused Geocities of misrepresenting its reasons for collecting information from adults and children.  The matter eventually settled.

So with such a big risk, why should companies even post a privacy policy at all?  After all, it is impossible to violate a privacy policy that does not exist.  However, some jurisdictions require websites to have posted privacy policies. 

For example, the California Online Privacy Protection Act requires websites to 1) identify the categories of information collected and with whom the information may be shared; 2) describe how to review and change the personally identifiable information; 3) explain how to find out about changes to the privacy policy; and 4) indicate the effective date of the privacy policy.  Additionally, websites that collect information from children are subject to the requirements of the Children’s Online Privacy Protection Act (COPPA).  The European Union also imposes privacy protection requirements for websites who operate in or have customers in the European Union. 

Therefore, if your website obtains business from California residents, children, or the European Union, you must have a carefully drafted privacy policy and must abide by it.  

Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law, handling cases throughout the United States. 

 del.icio.us  Stumbleupon  Technorati  Digg 

 

What did you think of this article?




Trackbacks
Trackback specific URL for this entry
  • No trackbacks exist for this entry.
Comments
Display comments as (Linear | Threaded)

  • 7/26/2007 10:38 PM Robert Thomson wrote:
    From reading this Internet Law article, it seems to me that there is no way to be absolutely right when it comes to a website's privacy policy. First, not having a privacy policy could create problems in California and overseas. However, having a privacy policy is like creating rules that can only be used against you.
    Reply to this
  • 7/26/2007 11:01 PM James Roberts wrote:
    When it comes to a website privacy policy, it seems to me that staying out of trouble is not very difficult. As long as the privacy policy accurately describes your use of personally identifiable information, you should be able to stay out of trouble.
    Reply to this
  • 8/3/2007 5:26 PM Ruth Olsen wrote:
    Are these website Privacy Policies even enforceable against website users who don't even read them?
    Reply to this
Leave a comment

Submitted comments will be subject to moderation before being displayed.

 Enter the above security code (required)

 Name (required)

 Email (will not be published) (required)

 Website

Your comment is 0 characters limited to 3000 characters.