Does your website use a Privacy Policy to mitigate online risks?

Whether you are an individual hosting a private blog, a large company or anything in-between, if you have a website then you should have a privacy policy.

A privacy policy is a statement provided by website regarding information collected from or about visitors. This statement describes what information the website collects from its visitors and how that information is used.

If you are a business, you may be required by law to describe your privacy practices. However, all websites should have a privacy policy to manage visitors' expectations of privacy and prevent litigation and fines.

The U.S. Small Business Administration has suggested a few tips for creating a privacy policy:

  • Describe how your website uses cookies (cookies are small file stored on a visitor's device used to store information about the user.) Cookies may be used directly by your website or they may be used by analytics tools or ad providers used by your site. More information about cookies can be found here.

  • Describe how you share information about your visitors/customers. This should include marketing activities performed by you (e.g. marketing emails, newsletters, sales calls, etc...) as well as how you share information with other organizations (e.g. soliciting quotes from a third party on a client's behalf). Be sure to disclose if you sell or disclose contact or other personal information to a third party. Also inform the visitor/customer if their explicit consent will be required before their information is shared.

  • Describe methods that may be used to opt-out of marketing emails/newsletters and other marketing activities as required by CAN-SPAM laws.

  • If your website is targeted towards children under age 13. Be aware of, and ensure your privacy practices comply with the Children's Online Privacy Protection Act (COPPA)

  • Ensure the privacy policy is easily accessible from your website. The privacy policy is often found in the footer of each page. Make sure the policy is accessible from your shopping cart/checkout pages if your site uses them.
    TIP: Display your privacy policy in a prominent way to market your commitment to privacy.

  • Have your policy reviewed by a qualified third party and by a legal professional. Having your policies reviewed by a third party will allow you to obtain a seal of approval. This can provide added credibility to your site. In addition having a legal professional review your policies will help determine if your policies are adequate.

  • Finally, make sure you, and your organization, follow the policies that you have established. Failure to do so may result in investigation by the Federal Trade Commission, litigation, or fines.

While these recommendations are a great start, we strongly recommend that you have your policy reviewed by a qualified legal professional to ensure that your privacy policy meets the legal needs of your situation. We also recommend that you are familiar with federal, state, and local legislation that may affect your privacy practices, such as HIPAA.

While risk management techniques, such as privacy policies, are essential to protecting your organization, we believe that organizations should also obtain cyber liability insurance. To learn more about cyber liability click here or call us at (801) 506-5060.

Additional Information may be found here:

US Small Business Administration: 7 Considerations for Crafting an Online Privacy Policy