THE IMPORTANCE OF PRIVACY PROTECTION
As companies set up their businesses online, they must make privacy protection a priority if they are to maintain the trust and confidence of their current and prospective customers. Today, more than ever, technology has made it easier to collect information about people, analyze that data in seemingly limitless ways, and then use that information for various purposes. The Internet has also raised new privacy concerns. Companies can track consumers as they move through their Web sites, collect information about them online, and potentially give that information to other sources.
Most people will not remain a customer very long if they feel their privacy has been compromised online. Survey after survey has shown consumers' concern about privacy and security of personal information is holding them back from buying online. Companies can benefit by taking a proactive approach to protecting consumer privacy in this emerging online marketplace. A good way to start is to develop and post an online privacy policy on your company Web site, and ensure that your practices are consistent with that policy.
WHAT IS AN ONLINE PRIVACY POLICY?
An online privacy policy is a statement you post on your company's Web site, informing consumers how you handle personal data online. Each company has unique issues that must be incorporated in a good privacy policy - one size does not fit all. However, there are certain basic elements that make up a good privacy policy.
An online privacy policy should tell consumers:
What information is being collected on your site
Why that information is being collected
How the data will be used (i.e. will you use the data for your own marketing purposes? Will you share the data with a third party? And if so, under what circumstances?)
The security measures taken to protect the data
What choices ("opt out") consumers have about how the data is used
How consumers can verify and correct their account or transaction information
A means to contact your company with questions about the policy or concerns about privacy
You should ensure your privacy policy is easy to find on your Web site. For example, include it in the main menu options on your Web site's home page -- and in a footnote on each page if possible. Provide links back to the privacy statement to make it easy for consumers to find your policy when they are asked to provide personal information. Also, be sure your privacy policy is written in a manner that is easily read and understood.
Use our downloadable template to create your own online privacy policy.
ADHERING TO YOUR PRIVACY POLICY
Writing and posting a privacy policy on your company's Web site is relatively easy. The tougher part is implementing the policy in every unit of your company, and ensuring your company adheres to it.
Posting your privacy policy is making a promise to consumers who come to your Web site, so be sure your company has implemented the policy and has the necessary checks in place to be sure you are in compliance. You run the risk of being found to be engaged in deceptive practices if you have posted a privacy policy that you have not implemented in good faith.
You should develop your policy with the leadership of senior management and the involvement of employees who are responsible for key functions. This is essential to an implementation plan that works and retains a high level of compliance by employees in the day-to-day performance of their jobs. Building privacy into the way the company does business is the only way to ensure that your company meets customers' expectations for the protection of their personal information.
Once your privacy policy is complete and has been approved by the appropriate management, consider the following:
Make sure your entire senior management team fully supports your privacy efforts and demonstrates the leadership necessary for implementation and enforcement throughout the company.
Develop your implementation strategy and performance accountabilities. Some businesses may decide to appoint a "privacy champion" or small management team to oversee implementation.
Communicate to all employees that this new policy is in place, and the importance of privacy to your business.
Educate employees about their personal responsibility to comply with the privacy policy.
Put in place any necessary procedures to ensure that the statements in your privacy policy are implemented on a continuous basis.
Implement a system to respond to and monitor inquiries and complaints, so your company can make changes to the policy or procedures as necessary.
Develop training to ensure that all employees who have access to personally identifiable information understand how to ensure compliance.
You can also conduct an internal audit of your company's compliance or have an outside auditor visit your company once a year to ensure that all procedures are properly being followed in regards to privacy protection.
As technology advances or your practices change, you may find it necessary to change your online privacy policy to ensure its continued accuracy. You should change your privacy policy only when absolutely necessary, so your customers are reassured that your policy is not changed on whim. If you do make a change to your policy, highlight the change within the policy and let consumers know that the highlighted text is a recent update to the policy.
ONLINE PRIVACY RESOURCES
There are lots of resources to tap into learn more about privacy protection. The Federal Trade Commission (FTC) Web site at www.ftc.gov provides a detailed description of its approach to online privacy. Also, organizations such as eTrust offer Privacy Policy Validation.
FTC
eTrust
Bizwire |
|
|
|
|
