About Privacy Policies for your Site
Also, some sites have joined privacy coalitions or initiatives, which they hope will set standards that, will be recognized as industry norms, such as the Platform for Privacy Preferences (P3P). This allows surfers to automate how their personal identification information is applied, and the need to read every site's PP is negated.
This is done via Web browsers with the ability to automatically read privacy policies. It accomplishes this feat by embedding technology in the user's browser that can confirm whether a site's privacy practices meets the user's predefined privacy preferences.
Protocols like this however will only gradually be introduced to the public amid fears that the average user who, non-technical by nature, will have difficulty understanding the vocabulary involved with setting up P3P.
- Who operates the site with, at the very least, one method of contact. Do not forget to include the country within which you operate.
- How the website uses the information it gathers or tracks. Sometimes an accurate statement of these uses can make the difference between breaking the law or being legal.
- With whom the website shares the information it gathers or tracks. This need not be a comprehensive list but should indicate which information is disclosed, if this is not all that is gathered. Also an explanation of how potential recipients are selected and the general nature of such a policy including the frequency of such actions should be included. The information disclosed should, of course, only be that for which the operator has registered with the Data Protection Register. (UK specific) The UK Data Protection Act 1998 was adopted in July 1998. It entered into force on 1st March 2000 together with the supporting secondary legislation (available on the Home Office website at http://www.homeoffice.gov.uk )
- Details of the websites Opt-Out policy.
- The websites policy on correcting and updating personally identifiable information.
- The policy of the site operator on deleting or deactivating visitors names and other details from its database.
- An email link to, or statement identifying, an individual as the nominated contact point if any visitor or user has a question or query about the statement or the website.
- A statement about what happens if your site gets hacked.
What can you do to help?
For those businesses that can afford it, they should have a Privacy seal which assures the visitor that they are standing by their PP.
BBB OnLine - Council of Better Business Bureaus
TRUSTe seals Provide and maintain a system for companies to show that they mean what they say. This system deals with complaints by consumers who may feel that they have suffered a privacy breach. If you feel that the company is sufficiently endowed to afford one, write and ask them to get one.
How do you verify if a web site is in fact licensed by TRUSTe?
TRUSTe notes that their trust mark should be linked to the site's privacy statement. Once you get to the site's privacy statement page, scroll down and look for the TRUSTe click to verify seal. All licensees must post the click-to-verify seal on their privacy statements. Clicking on the seal takes you to TRUSTe's secure server and verifies that the site is indeed a legal licensee of TRUSTe. If you find a violation, let them know, doing so protects Privacy standards for all.
Children's Privacy - Do you need to comply with COPPA?
Children's Online Privacy Protection Act of 1998 (COPPA) - Just because you have some referral links on your site does not mean you must comply with the law, it's basically down to the communication you have with your visitors and if you know weather or not they are under 13 years of age. Children's Privacy wizard
Do you host chats? Maybe message boards and newsletters? What about lists and guestbooks? Does the Guestbook ask for names and email addresses? Is it not making that information available to third parties?