Website Privacy Policies
Flat Fee Arrangement
Purpose and Approach
Privacy Policies primarily regulate how a website collects personal information from its users and how such information will be used. In the U.S., the Federal Trade Commission (FTC) is primarily responsible for the enforcement of website privacy commitments. Additionally, the majority of states have implemented laws that impose obligations as to how personal information is maintained and what activities must be undertaken if personal information is breached. Also, where users are located in other countries or where personal information is being transferred from or to other countries, then the privacy laws of such other countries may also be binding upon a U.S. based website.
Following are some of the main provisions and issues that need to be considered when preparing Privacy Polices. There are quite a few other issues that also need to be addressed.
- What Information is Being Collected. Privacy Policies need to specify the type of information that will be collected. It is best to be broad in the description. However, it is not a good privacy practice to collect more information than is reasonably necessary for the purposes of the website. Descriptions of information collected would usually include all of the typical personal contact, identity and preference information, but should also include the non-obvious information like IP address, browser type, host operating system, etc. that is automatically collected. Under the Children’s Online Privacy Protection Act (COPPA), parental permission is required to collect personal information from children under the age of 13. There are narrow exceptions to this requirement, and the method of verifying parental consent needs to be strictly complied with.
- How Information is Collected. User information can be collected by a variety of means, through registration forms, by means of cookies and web beacons, etc. These methods should be clearly stated.
- How Information is Used. Information may be used for a variety of purposes, such as to personalize content presented to users, to serve advertising and deliver other information, market research purposes, carry out agreements entered into between the website and the users, and to notify users about changes and features of the website. These uses should be clearly stated.
- Security Used to Protect Information. Websites are not generally required to state the type of security that will be in place to protect the information from unauthorized access. However, many users what to see this. Once security procedures are stated, failure to comply with such procedures could subject the website to action by the FTC. Therefore, it is important not to overstate the actually security that will be in place. It is also important to clearly state the limitation of any security system. No system is absolutely secure from unauthorized access from hackers.