E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Business 2.0

Posted on January 8, 2001

      With the likelihood of U.S. online privacy regulation looming large this year, smart businesses should move now to improve generic online privacy policies. Consider these tips from privacy policy pros.

      Among Internet-related legislation likely to pass this year, online data privacy law is a top contender. While Congress has yet to deliver online privacy laws--with the exception of the Children's Online Privacy Protection Act (COPPA)--pressure from consumer advocates continues to mount. There is no bulletproof way to prepare for a stricter privacy climate, but experts say companies should act now and prominently post effective, efficient privacy policies on Websites.

      Beyond preparing a company for possible regulation, a good privacy policy can also be a marketing advantage, some privacy advisers add.

      "Smart businesses can position themselves strategically," says Christopher Hamilton, an account supervisor with Ogilvy Public Relations Worldwide, which has helped financial and online health companies write privacy policies. "It really is a political communications tool now and the policy not only needs to match disclosure requirements but also build trust and confidence in the company. Privacy has really become a business ethics issue. It's not so much technical compliance."

      Obviously, composing the actual words that make up the privacy policy should be the last step in a long and thoughtful process. A basic privacy policy needs to address the four main tenets of "fair information" practices as recommended by the Federal Trade Commission (FTC): notice, choice, access, and security. While many of today's privacy policies address those areas well, they also drown potential customers in legalese. The words represent the policy and the company, so it's important not to leave the language up to lawyers, Hamilton says.

      "A lot of the reason these policies are not understandable is because clients will just tell lawyers, 'Hey, give me a privacy policy,' without having people sit down and decide what they want it to say," says Bart Lazar, a partner with the high-tech section of the Seyfarth Shaw law firm. "They are looking at the privacy policy as a burden to the company and not as a good thing."

      Perhaps the most difficult--and important--question a company must address is how flexible the policy should be. When it comes to notice, companies essentially have two choices. They may strictly address their current practices--knowing that future business decisions may require a policy rewrite. Or they may craft a wide-ranging policy that addresses future possibilities but lacks specifics.

      "It's always hard to predict the future, so you can decide to devise a privacy policy that has a lot of wiggle room," says Lazar.

      However, keep in mind that open-ended policies do not sit well with privacy advocates and regulators, like Dana Rosenfeld, an assistant director of the FTC's Bureau of Consumer Affairs.

      "A common problem we see are kitchen-sink policies where a company might throw in anything possible that they might do with information," says Rosenfeld. "They don't use the information in those ways, but they are just covering themselves. That's not helpful and doesn't really inform consumers."

      Hill Wellford, an intellectual property lawyer with Gibson, Dunn, & Crutcher, advises clients to remind customers of circumstances when the company may have to share private information with law enforcement.

      "Don't scare customers any more than you have to, but do mention that information will be shared at the legitimate request of the government with a subpoena," says Wellford.

      Given the existing children's online privacy law, which states that information cannot be collected from children under 13 without verified parental consent, Wellford advises indicating compliance.

      "It does you no harm because it's one of the few places where there is a bright line," says Wellford. "It's wise to throw it in just to reassure anybody who reads [the policy] that you are aware, and you are not collecting the information from children."

      Finally, if a company gives users the option of not having their information collected, the Website should make that option realistic and prominent.

      "Many privacy policies I've read say users have an opt-out, but they don't show how they can do that," says Hamilton. "That's politically stupid. This is too prominent an issue that incites visceral reaction among Americans to make those kinds of mistakes.

      "If it's a small-font text link at the bottom of the page, that gives a message," adds Hamilton. "But if it's at the top with a clear button and you can continually link on it no matter where you go into the site, you understand this company is proud of its privacy policies."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.