So, the first thing that we try and do is understand a little bit about your business model, and take a look at, for instance, how many transactions are you receiving through your website. What are the security standards that you’re going to have in place in terms of capturing data? That is to say, are you going to have SSL encryption on your website? Is there some sort of vulnerability to attack in order to gain data from your backend database or from your website by third parties?
If you’re going to have some sort of user entry of personal information, what is that information? Name, email address, mailing address, phone number? Are you going to be collecting credit card information or social security numbers? Special regulations apply if you are getting into that type of information.
Now, several states have some very special rules concerning privacy protection. In fact, California has an Online Privacy Protection Act. If that’s the case, you need to comply with California’s Online Privacy Protection Act, and in order to know whether or not you need to comply with it, you have to ask yourself if you operate a commercial website that collects personally identifiable information from consumers residing in California, and that’s just about everyone today, right? So, you need to do that.
One last point about privacy policies. There is a statute called COPPA, Children’s Online Privacy Protection Act, and if you are, in fact, operating a website that is directed at children under 13, then there’s a whole series of regulations and statutes that you need to comply with there.
This is Enrico Schaefer for Internet Law Radio, that’s all for today.