This article was provided by MacroTwin. Thank you for supporting the partners who make SitePoint possible.
Did you know that you're legally accountable for the statements made in your website's privacy policy? Have you read and understood each provision in your privacy policy? Do you know what your responsibilities are?
In this article, I'll present five mistakes with privacy policies that could put you at risk of fines or lawsuits. I'll also discuss why it's important to have a privacy policy, and some concluding thoughts on how to avoid legal problems.
Words and Actions That Can Put You at Risk
Here are five things website owners need to watch out for when drafting and managing privacy policies.
-
Guaranteeing That Visitors' Personal Information Will Be Safe
Many website owners tell visitors that their personal information will remain safe and secure by using a provision in their privacy policy similar to this one:
Our website uses secure data collection, processing and storage procedures and other security methods to protect against unauthorized access, disclosure, change or destruction of your personal information, password, username, transaction information and data stored on our website and servers. Your personal information is safe and secure with us.
Should your visitors' and customers' personal information be made public because your website gets hacked, or because the information becomes publicly disclosed by other means, the fact that you used a provision similar to the one above could—in the United States—see you sued by the Federal Trade Commission (FTC), for violating Section 5 of the FTC Act, which prohibits unfair and deceptive practices in commerce. (Similar rules apply in other countries, as I'll discuss below.)
The trouble doesn't end there. Visitors and customers could also file a lawsuit against you because their personal information was disclosed after you had guaranteed its safety in your privacy policy. Under the law, you must take reasonable steps to protect important information and keep it secure. At a minimum, you must obey the privacy guarantees you make to your visitors and customers in your privacy policy.
-
Making Exaggerated Statements in Your Website's Privacy Policy
The FTC has also taken legal action against companies that have made exaggerated statements in their websites' privacy policies—statements that can't be verified. Always make sure you can keep any promises made in your policy.
-
Promising to Not Share or Sell Your Email Address and Personal Information
"We will not share or sell your email address and personal information." This is a common statement you'll find in most privacy policies, because it's a reasonable promise that makes visitors and customers feel comfortable giving you their email addresses and personal information. Website owners like this, of course, because it helps them grow their email lists, which can be one of their most important assets.
But what if you sell your company? Unless you stipulate in your privacy policy that your visitors' and customers' personal information and email addresses will be included as part of the sale, you cannot include them with the sale without first getting your visitors' and customers' consent. If you don't get their consent first, you're violating your own privacy policy, which could get you into legal trouble with the FTC, your visitors and your customers.
You could send notice to your entire database asking for permission to sell or transfer their information to the new owners. However, you may not get a positive response to such a request.
-
Letting Your Guard Down After Your Company Files for Bankruptcy
Your users' privacy doesn't go out the window just because your company goes out of business. Few business owners consider the privacy obligations that still apply if their companies go bankrupt.
Continue reading %Is Your Website’s Privacy Policy Putting You at Risk?%
by James Chiodo via SitePoint
No comments:
Post a Comment