A privacy policy is a disclosure on your website that informs people what you do with information about them.

Many webmasters get hung up on what should be in their privacy policy. They are looking for magic words or wondering what legal requirements they need to check off.

There are none. All you have to do disclose the information collected and what is done with it, so someone can decide if they want to provide you with that information.

One of the biggest misconceptions is that having a privacy policy means you must protect someone’s policy. Not so. This is merely a disclosure. If your policy is to collect email addresses and sell them on black market websites, then that is your policy and it should be disclosed. You may not get too many people to give you their email address – although that assumes they even read your policy. Hardly anyone does.

If you are doing something unexpected and evil with customer information, such as selling email addresses from our example, keep in mind it may not be sufficient to have that key detail buried in a privacy policy. The FTC may say you need to make a more prominent disclosure directly where people are are providing their email addresses. This is because most do not read privacy policies and such a policy is so out of the ordinary and would significantly effect decisions about providing an email address.

But for most purposes there are no magic statements in the privacy policy. Just disclose what you do, or not do, with private information that is collected.

Filed under: Internet Law

Like this post? Subscribe to my RSS feed and get loads more!