What Your Site’s Privacy Policy Should Include

If you have not yet posted a privacy policy on your web site, now is definitely the time to tackle this project. Any site that gathers information from the public, engages in ecommerce, offers a discussion forum or interacts with the public needs to have a viable privacy policy in place to protect their interests. While you can spend a few hundred dollars having an attorney craft an iron-clad policy for you, it may be easier to write your own. You will need to address specific points in this policy to ensure that you are protecting your business interests and your site visitors.

First, this policy should include your legal business and/or site name. Your address and contact information should also be included. If you are running a home based business and you do not want this information made public, consider opening a PO Box with your local post office, or hire a mail forwarding service.

Now, you will need to address whether or not you collect any information from your site visitors and what you do with this information once it has been collected. For example, discussion forum owners typically require their visitors to register, providing their real name, address and email address. If this information is collected and stored for use by the site administrator, this will need to be noted. If your site holds a survey that requests any personal identifying information, this will also need to be mentioned. In short, if you collect any form of information from your site visitors, they need to know what you plan to do with it.

For ecommerce sites, this can be a little more complicated. Most stores will have to share their customer’s data with a third party somewhere along the line. For example, if you have a merchant account, this data would be transmitted to a “third party.” Or, if you have a supplier that does drop shipping for you, once again, you would be sharing this information. If you intend to sell your visitors information, which is never recommended, they will need to be notified of this point.

IP addresses are typically logged by site statistic programs, even though you may not be aware of this. If you are using a statistic program that does collect this data, you will need to include this in your policy. Other site tools such as cookies also collect user identifiable information that your visitors will need to be aware of. By including this information in your privacy policy, you are protecting yourself in the event that a customer or visitor tries to find legal recourse against your company in the future.

Next, you will need to include the state in which the policy will be legally enforced, which is the physical location of your business. You must also state what legal remedies will be available to your visitors in the event that you break a portion or all of your privacy policy. A telephone contact number is usually included at this point, to make it easier for visitors to find your information.

One last important point for your privacy policy is that you should leave enough room to protect yourself in the event that you are required by state or federal law to divulge information about a visitor to specific authorities.

The DMA has provided a wonderful (and free) tool for business owners who want to create their own privacy policies. You’ll be asked a series of questions, which are then pulled into an official policy when you’re done. This is a great place to start if you’re new to privacy policies in general. http://www.the-dma.org/privacy/creating.shtml