7 Considerations for Crafting an Online Privacy Policy

By Caron_Beesley, Contributor
Published: March 28, 2012 Updated: June 26, 2012

If you are starting an online business, conducting email marketing, or interacting with your customers via your website, then you need to be aware of and adhere to online privacy policies.

What do online privacy policies accomplish? Why do you need one? Sometimes it’s required, such as under the statutes that govern email spam. In other cases it’s optional. In general, your online privacy policy is your company’s pledge to your customers about how you will use, not use, and protect the consumer data you collect from them. Check out SBA.gov’s own privacy policy as an example.

A privacy policy is not just lip service to your customers. You'll need to make sure your business follows the policy by implementing reasonable security measures to protect your customers' data.  Failure to follow your business's privacy policy can result in costly legal fees.

The thing about online privacy policies is that they differ from business to business and must be tailored to fit each business’ needs. However, there are some general guidelines and laws to be aware of as you craft your policy.

1. Explain How You Collect and Use Personal Information

While not required by law (although the Federal Trade Commission prohibits any deceptive practices), creating a privacy policy is important if you want people to buy your products. This is particularly important if you are involved in e-commerce or if you collect information in surveys or marketing forms. Every customer has a right to know how you collect and use their information.  

Online privacy policy generators (just run a search on that term and you’ll find them) can help you craft a policy. As you craft yours, be sure to clearly explain the following:

  • Your Cookie Policy – Cookies are used to store user preferences or shopping cart contents. Clearly explain your cookie practice.
  • How You Share Customer Information – Customers need to know that their data will only be used to complete the transaction and that any further use of that data (including selling or distributing it) requires their consent.
  • Contact Information – Make it easy for your customers to contact you or file a complaint.

2. Display Your Privacy Policy – Make sure new customers or users have easy access to your policy by prominently displaying links to it (from your home page, product pages, and in the shopping cart). Remember, you want them to feel comfortable that you take their online security seriously.

3. Publish Your Email Opt-Out Policies – Include opt-out options in your email marketing (the CAN-SPAM Act requires it) and on your website so that your customers have the option of changing or canceling their email notices. Read more about opt-out and CAN-SPAM laws in SBA’s guide to Online Advertising Law.

4. Collecting Data from Children – If your website targets children under the age of 13, you’ll need to comply with the Children’s Online Privacy Protection Act (COPPA).

5. Adhere to Your Policy – Adherence to your policy is important from the standpoint of both customer credibility and the law: the Federal Trade Commission will investigate complaints of unfair or deceptive practices. A case in point: its recent investigation of Facebook privacy practices. As new technologies emerge, such as mobile apps, online communities, and social media, be sure to update your privacy policy to align with any changes to the way you capture and protect consumer information.

6. Get a Seal of Approval – Third-party validation of your online privacy and security policy can enhance your credibility. For a fee, these companies can help you create your privacy policy, or review your existing one, and conduct an annual audit to test your compliance.

7. Talk to an Expert – The Federal Trade Commission is constantly reviewing privacy issues. Areas such as cloud computing, mobile applications, social media, and other online services are increasingly coming under the spotlight. If you do most of your business online, talk to a lawyer who specializes in Internet or online law to determine whether your policies are adequate.

For more detail, take a look at SBA’s Guide to Online Privacy Law for tips on implementing a fail-safe policy.

About the Author:

Caron Beesley

Contributor

Caron Beesley is a small business owner, a writer, and marketing communications consultant. Caron works with the SBA.gov team to promote essential government resources that help entrepreneurs and small business owners start up, grow and succeed. Follow Caron on Twitter: @caronbeesley

Comments:

There are a few sites that will autogenerate them for you. I use legalriver. If you run a site that uses Google AdSense then a privacy policy is required to abide by the terms.
Thank you for this post, it really helped me out. [This post was edited to remove a link. Please review our Community Best Practices for more information about how best to participate in our online discussions. Thank you.]
Thank you for sharing, it helps me a lot.
Succinctly pointed and explained. Personally, I would exercise more care and caution when it comes to e-commerce websites and websites owned by financial institutions and banks. Besides cookie and privacy policies, recent experience on Facebook privacy issues, Google redoing the entire privacy policies (that requires a lot of time and skilled legal staff), it is important to structure a privacy policy from a long term perspective. Legally, one could approach a law firm but I believe privacy policies need to be linked to organizational structure so a lot is expected from the business/website owner as well. Thanks for the article.
The main question I have is why a proper privacy policy is so important. I mean a friend of mine has several blogs and he simply copied the PP page from some other websites and doesn't have any problems with that.
