Welcome to Internet Law Radio. I am Attorney Enrico Schaefer and I specialize in internet law, we represent clients across the world on a variety of internet legal issues, things that arise on the web, and we handle clients from website operators on through to people who are interacting with websites. Today, we’re talking about privacy policy drafting and what needs to be included in a privacy policy on a particular website, typically found in the terms of service (TOS) or terms of use (TOU) area of a website.
Essentially, you want to think of a privacy policy for a website as legal document which not only protects the website owner, but also provides notice and clarity and transparency to the website visitors, to the people that come to that website, so that they can feel safe and secure about how their information, how their data is being used by the website operator. So, essentially, a privacy policy is a statement that discloses to the users the way information is going to be gathered, the way information is going to be used, how client or customer data is going to be stored and variety of related issues.
If an end-user is going to be uploading information such as name or email into the website, they have a right and expectation to understand what the website operator’s privacy policy says is going to happen to that information. So, from the consumer’s standpoint, the consumer typically wants to know how their information is being used. From the website operator’s standpoint, they want to be protected against liability if, in fact, they should collect personal information from a consumer or visitor to their website. They want to be able to set limits to any exposure in terms of liability or a lawsuit that may be filed against them by being able to rely on the privacy policy that states: Hey! We disclosed to the end-user, to the website visitor, that we were going to be gathering this particular personal information and, they agreed by visiting the website that, in fact, they concurred with the privacy policy.
So, let’s talk a little bit about fair information practice. Fair information practice essentially has about five elements. One is you’re going to be providing notice to the website visitor that data is going to be collected as a result of their visiting and surfing and linking through a particular website. The next thing you want to do is provide website visitors or consumers choice. You need to provide them options as to whether and how personal information is not only going to be taken, but how it might be used by the website operator. You’re then going to be providing information on access. Does an end-user or consumer have the ability to contact the website operator to see the information that’s been collected? And to determine whether it is going to be accurate or complete, etc.
Again, a privacy policy is going to provide notice, a privacy policy is going to provide choice, a privacy policy is going to provide access, and for many data collection activities, you have to also, in your privacy policy, talk about security. Typically, you’re going to advise the consumer that, for instance, you either do or do not take security measures with regards to their data. In some instances, you’re required to take security measures as a website operator with personal information collected from website visitors.
These are general principles that you’re going to need for both enforcement and compliance purposes. So, are privacy policy best tips are:
Number one, you need to understand your business model, especially if you are a new internet start-up or a new internet business, a small business that’s looking to get launched. You should not be simply cutting and pasting a privacy policy from another website and putting it on yours. Privacy policies are, by their very nature, custom. They need to understand what you are doing in terms of consumer interaction, website visitor interaction, and what you plan on using with data that you may collect.
The second tip for privacy policy drafting is that you need to be transparent. It is very important that you’re honest and forthright with your website visitors and customers as to, again, what information is being collected, how that information is being used and what choices a consumer website visitor has with regards to the information that you are receiving.
The final tip in drafting a privacy policy for your website is to attack the problem in iterations. You need a Version 1.0 privacy policy that’ll give you a good level of protection, but you constantly need to be revisiting your privacy policy. When you’re going through your business model as you are evolving, as your business model is changing, as you’re adding functionality to your website, you need to revisit the privacy policy and draft new terms or revisit old terms when your drafting, so that your website is constantly not only being innovative, but that your privacy policy is keeping up with your website and your data collection activities of personal information.
Drafting a privacy policy is extremely important. You should contact an internet law attorney who specializing in cyber law and understands the internet when you start to draft a privacy policy. For a fairly modest attorney fee, you can get a very good privacy policy drafted, which would give you a solid level of protection, and every six months, come back to that privacy policy and revisit your drafting, revisit your goals, understand your potential liabilities and make sure that your privacy policy is staying up-to-date. Drafting a good privacy policy can save you a lot of headaches down the line and build you an awful lot of consumer goodwill.
That’s all for today, I am Internet Law Attorney Enrico Schaefer, and we will see you next time.
Comments