With the number of identity thefts skyrocketing, most people are reluctant to part with their personal information online. The trouble is, almost anything you do online requires parting with some personal information, or at the very least, tolerating some invasion of privacy in the form of cookies and server logs. People who visit your web site face this dilemma too. You can allay their fears by posting a comprehensive privacy policy on your web site.
The Need for Privacy Policy
Inspiring confidence in customers is not the only reason to have a privacy policy. Sometimes you are legally required to post a privacy policy on your web site, depending on the nature of your web site, the location of your server, or the location of visitors to your web site. If you are in the financial services or healthcare industry, there are specific regulations as to what your privacy policy should contain. Some states like California have specific requirements too. So the first step in developing your privacy policy is to find out which legal requirements, if any, apply to your web site.
What Privacy Policies Contain
Your site’s privacy policy must contain information about:
- What information you collect on your web site
- How you store it online and offline
- How long you store it in your system
- What you do with the information
- Whether you share it with associates and partners and why
- Whether you sell it to mailing list companies and under what circumstances
- How users can alter or remove their information from your database
- Whether users can opt out of their information being collected
- Whether you allow third parties, such as advertisers, to collect user information from your site
- What users can do if they find that your site is in violation of the stated privacy policy and the contact information of people responsible for resolving these issues
How to Generate and Post Privacy Policies
Unless you are a lawyer, you may find it difficult to draft such a policy. It is a good idea to have a lawyer draft it, or at least look it over. But if you don’t want to hire one for whatever reason, you may want to look at the privacy policy generator on the Direct Marketing Association’s web site. You can find it at http://www.the-dma.org/privacy/creating.shtml.
The generator asks you to provide some basic contact information and then answer a few multiple-choice questions about how user data is collected on your site and what you do with it. After you check the applicable options, the generator produces a privacy policy document in HTML which you can cut and paste on your site.
Once you create a privacy policy, make sure that your users can find it easily. People typically look for privacy policies in the About Us section, in the footer, on sign-up or login pages, and on shopping cart checkout pages. Put a link to your privacy policy at these locations or pages.
Managing Changes to Privacy Policy
You can’t forget about the privacy policy once you create it. Web sites change over time and the changes may affect the privacy policy. Therefore, whenever you make a change to your web site, you must ensure that the change complies with your stated privacy policy. If it doesn’t, you must alter the policy and inform the users by prominently displaying a notice to that effect on the privacy policy page on your site. For example, let us say your privacy policy states that your site does not allow third parties to place cookies on the user’s computer. If you then want to hook up with an advertiser that sends down third-party cookies, you must either reconsider the alliance or change your privacy policy.
Machine Readable Privacy Policies
If you think writing a privacy policy is difficult, imagine how difficult it must be for users to read and understand the privacy policies of scores of sites. To get around this problem, the World Wide Web Consortium (W3C), the web’s standards body, decided to incorporate machine-readable privacy policies into its standards. It came up with a specification called Platform for Privacy Preferences (P3P).
New browsers such as Internet Explorer 7 have built-in support for P3P. You can click Web Page Privacy Policy … on IE 7's View menu and a dialog box such as the one in Figure 1 pops up.

Figure 1: Web Page Privacy Policy in IE 7
If you click the Summary button after selecting the site or one of the pages in the dialog box, a summary of the applicable privacy policy pops up in a new window, as shown in Figure 2.

Figure 2: Privacy Policy Summary
As you can see, this summary is a lot easier to read than a legal document with lots of hereinunders and thereinafters.
Generating P3P Documents
P3P documents are written in eXtensible Markup Language (XML). XML is even more tedious to write by hand than legalese. Fortunately, there are many editors which can generate P3P documents. Most of them require you to pay a fee, but a complimentary 90-day evaluation version is available from IBM at http://www.alphaworks.ibm.com/tech/p3peditor.
A Web page at http://www.oreillynet.com/pub/a/network/excerpt/p3p/p3p.html?page=2 describes how P3P works and how to use IBM’s P3P editor to generate and deploy P3P policy documents.
If you don’t want to install software or try to understand the various P3P options, several paid P3P generators are available on the Web. You can look for them by typing "P3P generators" in Google.
A good, easy-to-understand privacy policy is key to reassuring visitors and customers that their information is in safe hands. Make sure your web site has one.


