First, this policy should include your legal business and/or site name. Your address and contact information should also be included. If you are running a home based business and you do not want this information made public, consider opening a PO Box with your local post office, or hire a mail forwarding service.
Now, you will need to address whether or not you collect any information from your site visitors and what you do with this information once it has been collected. For example, discussion forum owners typically require their visitors to register, providing their real name, address and email address. If this information is collected and stored for use by the site administrator, this will need to be noted. If your site holds a survey that requests any personal identifying information, this will also need to be mentioned. In short, if you collect any form of information from your site visitors, they need to know what you plan to do with it.
For ecommerce sites, this can be a little more complicated. Most stores will have to share their customer’s data with a third party somewhere along the line. For example, if you have a merchant account, this data would be transmitted to a “third party.” Or, if you have a supplier that does drop shipping for you, once again, you would be sharing this information. If you intend to sell your visitors information, which is never recommended, they will need to be notified of this point.
The DMA has provided a wonderful (and free) tool for business owners who want to create their own privacy policies. You’ll be asked a series of questions, which are then pulled into an official policy when you’re done. This is a great place to start if you’re new to privacy policies in general. http://www.the-dma.org/privacy/creating.shtml