skip to main content

What's In Your Privacy Policy?

Do you own a website?
If yes, have you drafted a privacy policy for that website?
As data breaches become more prevalent, online consumers are becoming more cautious about their personally identifiable information ("PII").  They want to know who is collecting their PII, which includes items such as one's name, full address, and Social Security Number, and how the website is using that information.  Most importantly, they want to know that their PII is secure.
Drafting a privacy policy and posting it to your website helps to assuage some of the consumers' concerns.  It also shows that you are taking privacy matters seriously.  In the event that you do have a data breach, proving that you have a privacy policy and that you adhere to it may help to minimize your liability.
You should have a privacy policy even if you are not collecting information that can be identified to one specific user.  For example, if you track how long individuals view your webpages or the general location of your website visitors, this is information that may not disclose the identity of a particular individual.  However, you should still inform your website visitors about this data collection.
If you are wondering what should go into your privacy policy, here are a few suggestions:
*    The Type of Information That You Collect: You need to inform your website visitors as to the type of information that you are collecting.  Is it PII?  Is it non-identifiable information?  Let your website visitors know.
*    How You Use This Information: Are you selling the visitor's information to third parties?  Are you using it for internal marketing purposes?  Are you using it to gauge the interest in your webpages?  Whatever the reason, you should include a section that explains how you are using this information.
*    Accessing and Updating Your PII: You need to explain to your website visitors how they can access the information collected on them by you and what they need to do to change and/or update that information.
It is not enough to simply draft a privacy policy and post it on your website.  You also need to adhere to the terms and conditions set forth in that policy.  Otherwise, having a policy may not minimize your liability if visitors' information is breached.
Also, you should inform your customers any time you update your privacy policy.  I hadn't visited the online streamlining television and movie website Hulu in over a year.  Yet recently, I received an e-mail from them informing me about their updated privacy policy.
If you need assistance in drafting a privacy policy or if you have questions about data and privacy security in general, contact a member of MacDonald Illig's Emerging Technologies Practice Group.
Also, if you know of someone who may be interested in receiving these weekly updates, have them e-mail to be added to the distribution list.