CALL US: (530)802-0640

privacy policy

8 Tips for Drafting an Online Privacy Policy

If you are starting an online business and collecting information from your users or customers via your website or a mobile application, then you need to draft and implement an online privacy policy.

In general, your online privacy policy is your company’s pledge to your customers about how you will use, not use, and protect the data you collect from them.

A privacy policy is not just lip service to your customers. You’ll need to make sure your business follows the policy by implementing reasonable security measures to protect your customers’ data.  Failure to follow your business’s privacy policy can result in costly legal fees.

The thing about online privacy policies is that they differ from business to business and must be tailored to fit each business’ needs. However, there are some general guidelines and laws to be aware of as you craft your policy.

1. Explain How You Collect and Use Personal Information

As you draft your online privacy policy, be sure to clearly explain the following:

  • Information Collected – Customers need to know the types of personal information collected.
  • How You Share Customer Information – Customers need to know the types of third parties with whom you may share their personal information. Most customers prefer that their data will only be used to complete a transaction and that any further use of that data (including selling or distributing it) requires their consent.
  • How Customers May Change Their Information – Customers need to know the process by which the they can review and request changes to their personal information.
  • Your Cookie Policy – Cookies are used to store user preferences or shopping cart contents. Clearly explain your cookie practice.
  • Contact Information – Make it easy for your customers to contact you or file a complaint.
  • “Do Not Track” Signals – Disclose how your website or online service responds to Do Not Track signals from Web browsers, and whether third parties may collect a customer’s personal information on your website or online service.

2. Display Your Privacy Policy– Make sure new customers or users have easy access to your policy by prominently displaying links to it (from your home page, product pages, and in the shopping cart). Remember, you want them to feel comfortable that you take their online security seriously.

3. Publish Your Email Opt-Out Policies– Include opt-out options so that your customers have the option of changing or canceling their email notices.

4. Changes to Your Privacy Policy – Include a description of the process by which you notify customers of material changes to your privacy policy, and include the effective date of the privacy policy.

5. Collecting Data from Children– If your website targets children under the age of 13, you’ll need to comply with the Children’s Online Privacy Protection Act (COPPA).

6. Adhere to Your Policy– Adherence to your policy is important from the standpoint of both customer credibility and the law: the Federal Trade Commission will investigate complaints of unfair or deceptive practices. As new technologies emerge, such as mobile apps, online communities, and social media, be sure to update your privacy policy to align with any changes to the way you capture and protect consumer information.

7. Get a Seal of Approval– Third party validation of your online privacy and security policy can enhance your credibility.  For a fee, these companies can help you create your privacy policy, or review your existing one, and conduct an annual audit to test your compliance.

8. Talk to an Expert–Areas such as cloud computing, mobile applications, social media, and other online services are increasingly coming under the spotlight. If you do most of your business online, talk to a lawyer who specializes in Internet or online law to determine whether your policies are adequate.

Please contact my office at virginia@virgielaw.com or 530-802-0640 if you need assistance in drafting an appropriate online privacy policy for your business.

Virginia Ryan provides business law services to clients in Northern California, including Auburn, Grass Valley, Nevada City and Truckee.