This article was provided by DisclaimerTemplate.com. Thank you for supporting the partners who make SitePoint possible.
Words and Actions That Can Put You at Risk
Here are five things website owners need to watch out for when drafting and managing privacy policies.
Guaranteeing That Visitors’ Personal Information Will Be Safe
Our website uses secure data collection, processing and storage procedures and other security methods to protect against unauthorized access, disclosure, change or destruction of your personal information, password, username, transaction information and data stored on our website and servers. Your personal information is safe and secure with us.
Should your visitors’ and customers’ personal information be made public because your website gets hacked, or because the information becomes publicly disclosed by other means, the fact that you used a provision similar to the one above could—in the United States— get you sued by the Federal Trade Commission (FTC), for violating Section 5 of the FTC Act, which prohibits unfair and deceptive practices in commerce. (Similar rules apply in other countries, as I’ll discuss below.)
The FTC has also taken legal action against companies that have made exaggerated statements in their websites’ privacy policies—statements that can’t be verified. Always make sure you can keep any promises made in your policy.
Promising to Not Share or Sell Your Email Address and Personal Information
“We will not share or sell your email address and personal information.” This is a common statement you’ll find in most privacy policies, because it’s a reasonable promise that makes visitors and customers feel comfortable giving you their email addresses and personal information. Website owners like this, of course, because it helps them grow their email lists, which can be one of their most important assets.
You could send notice to your entire database asking for permission to sell or transfer their information to the new owners. However, you may not get a positive response to such a request.
Letting Your Guard Down After Your Company Files for Bankruptcy
Your users’ privacy doesn’t go out the window just because your company goes out of business. Few business owners consider the privacy obligations that still apply if their companies go bankrupt.
Again, you could send notice to visitors and customers asking for permission to sell their information, but most people value their personal information and will say no. In any event, at this point, the FTC prefers that you simply destroy your customers’ information.
Think about the notifications you get from companies explaining the changes to their privacy policies or terms and conditions. They notify you because they’re legally required to do so if they want the changes to apply to past customers. For the most part, the same (but not all) privacy laws and legal requirements apply to you when you operate your website or blog.
Here’s a privacy provision that’s required if you’re using Google Analytics:
The above requirement is for Analytics only. Google has additional privacy requirements for its AdSense and AdWords program.
Global Privacy Laws
Since websites are reachable worldwide, you’re obligated to comply with the privacy laws of the countries where your website is accessible to visitors and customers, even if you don’t live or do business there.
As an example: if you do business in the United States, you’re required to comply with the privacy laws of the United Kingdom, European Union, Australia, Canada and other countries that have privacy laws if visitors and customers in those countries can access and use your website.
The privacy laws that affect website owners also affect mobile app sellers. In the United States, the FTC and the state of California are paying special attention to mobile app sellers, because of the capabilities of some mobile apps to gather data without the knowledge of the app user.
The FTC has also commented that many of the mobile app privacy policies are in hard-to-find areas of the mobile app and the app developer’s website. Both the FTC and the state of California have filed suit against numerous app sellers for privacy violations.
Some Final Thoughts on Avoiding Legal Problems
I’ll conclude this article with the following pointers.
Don’t Use Free Privacy Policies
Choose Your Attorney Carefully
Jim Chiodo is the owner of DisclaimerTemplate.com, a Minneapolis-based company that provides attorney-drafted website protection and compliance documents for website, blog and mobile app owners worldwide. These documents include, but are not limited to, privacy policies, terms and conditions, advertising agreements, legally required disclosures and specific industry-related disclaimers.