As online professionals and entrepreneurs, you know that collecting information on visitors to your (or your client’s) website can help tailor goods and services. It offers insight that previously could only be gathered through expensive research. Today, though, data collection can be easy and inexpensive.
But with this type of information, businesses face a daunting task of protecting the data and telling visitors and/or consumers what will be done with the information. Regardless of whether site visitors read the terms and conditions, companies can’t overlook the creation of policies that set out how such information will be used.
As professionals in the online world, often we’re expected to know all of the rules and regulations when it comes to what a company can and cannot collect or do with the information that is collected. Marketing wants to collect certain information and use it as a competitive advantage, but the company as a whole may want to convey a different sense of privacy, which creates internal conflict.
Privacy and personal data collection are areas where consulting with legal counsel may be necessary if your industry is regulated or if you want to be very aggressive with the data collected. The collection methods also need to be confirmed with the IT professionals who create the back-end tools.
In addition, following the policy set forth is imperative so there is no risk of sanctions. This is why having a policy custom-tailored will always be better than using a stock policy or cutting and pasting from what you find on the Internet.
The Elephant in the Room
It wouldn’t be a complete discussion about online privacy without mentioning Facebook and the recent ruling by the FTC that the social network deceived consumers by telling them their information was private when in fact the data was exploited beyond what was agreed.
While Facebook was not fined, the settlement is quite strict and obligates Facebook to undergo third-party reviews for 20 years.
For a platform that relies on users sharing information, Facebook turned a blind eye to the disparity between what they agreed to do and what, in fact, they did. But consumers are very savvy and complaints ignored by the company were taken to the FTC.
The social network faced the potential for millions of dollars in fines. Ultimately, though, that may have been a lesser punishment than what was agreed upon because of the length of monitoring.
Unlike the users of most companies, Facebook's users are highly involved and very vocal. Even though the company is still in its infancy, this big stumble was likely a wake-up call, not just for the social network but also for the online business community as a whole. Consumer deception is becoming a bigger concern, and Internet users are savvier with each passing day.
When you think of the policies and disclosures that belong on websites, it should come as no surprise that big companies have them drafted by a team of lawyers. If you’ve ever read them, you’d agree.
First and foremost, write it in plain English (or, if your primary language is something else, in that language). Determine what information you will be gathering—email, cookies, subscription information, credit card, login, gender, age, etc.—and make sure there is a legitimate reason for collecting it. Once you have all this information, identify what you are doing with it.
- Write in language that is easy to read and understand.
- Explain what information will be collected and whether it will be identifying or anonymous. If it’s both, say so.
- Without getting into lengthy detail, explain how it’s collected (such as search terms, sign-up, log files, clicked links, cookies).
- If you’ll share information with affiliated, partner or other sites, be clear about this. Most people are concerned with who else is getting their information.
- Simply state that if compelled by law to disclose, then you’ll comply with such orders.
- Give readers the option of verifying, correcting, changing or removing personal registration information. I suggest having a separate email for this purpose so you know exactly the nature of this communication.
- State that the policy will be updated periodically and how you will communicate such changes.
Privacy policies are often not given the attention they deserve. Many companies churn them out, not realizing their true importance. While not everyone will read the policy, it’s these types of policies that say a lot about what the company stands for and what it wants to achieve. Information is key to future growth. It provides insight that can’t be replicated in other ways.
Most companies don’t have the resources or reputation that the largest social networking site has, and being singled out for deceptive practices could easily crush them.
Success tomorrow depends on not just doing the right thing today, but doing it every day. Most of us want our information kept secure. And our most valuable assets—our customers, users and community members—do too.
* This article does not specifically address policies regarding children under 13. The Children’s Online Privacy Protection Act (“COPPA”) will be addressed in a future treatment.
Disclosure: While Sara Hawkins is an attorney, this article is for informational purposes only and is not to be considered legal advice.
Sara Hawkins is a lawyer, blogger and doer. No longer happy waiting for someday to find her, she's finding ways to make her somedays happen.