| According to the Federal Trade Commission, Online Privacy Policies should disclose the following:
- What information is collected;
- How the information is collected;
- How the information is used;
- Whether information is disclosed to others;
- How choice, access and security are provided to consumers;
- Whether other entities are collecting information through the site (e.g., third party advertisers); and
- Who is collecting the data.
The FTC has developed four criteria for effective privacy programs:
- Notice - Web sites should provide consumers clear and conspicuous notice of information practices, including what information is collected, how it is collected (e.g., directly or through less obvious means such as cookies or webbugs), how the information is used, how consumers are provided Choice, Access, and Security, whether information is disclosed to other entities, and whether other entities are collecting information through the site.
- Choice - Web sites should offer consumers choices as to how their personal identifying information is used beyond the use for which the information was provided (e.g., to consummate a transaction). Such choice encompasses bother internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other entities).
- Access - Web sites should offer consumers reasonable access to the information collected about them, including a reasonable opportunity to review information and to correct inaccuracies or delete information.
- Security - Web sites should take reasonable steps to protect the security of the information collected from consumers. [Privacy Online 2000 p. iii]
Privacy policies should be clear and free of contradictory or ambiguous language. When changes are made to policies, notice should be provided to individuals from whom the sites have collected material information, and affirmative opportunity to consent or opt out might be required. [Privacy Online 2000 p. 26]
Better policies are shorter. They should not be buried in a barrage of legalize, terms and conditions, which of tern are too long and incomprehensible to consumers. To be effective, privacy policies should build consumer trust.
Privacy Policy Generators can help get you started:
"B. Website Seal Programs.
"Third-party enforcement programs known as “seal programs,” provide another way to monitor company practices and enforce privacy policies. By clicking on the “seals” such as
TRUSTe, BBBonline, Webtrust, and Enonymous.com on a particular website, a user is immediately linked to the site’s privacy statement. The purpose of the seal programs is to create name and sight recognition for the seals so that consumers will see them and know that they are visiting a site they can trust. Seal programs are designed to provide protection to consumers, by allowing web companies to standardize privacy policies."
- Know the Rules Use the Tools, Privacy in the Digital Age: A Resource for Internet Users, US Senate Judiciary Committee, p. 24 (n.d.)
|
The FTC also recognizes that enforcement is also a necessary component of any successful privacy program. In self regulation efforts, enforcement may come about contractually where sites participate in privacy seal of approval trust programs and are confronted with potential removal from that program. The government may also have a role where sites post privacy information and fail to comply with those representations, or follow other privacy practices that might otherwise be considered deceptive.
Papers
- Center for Democracy and Technology, Behind the Numbers: Privacy Practices on the Web (1998)
- Georgetown Privacy Policy Survey: Report to the Federal Trade Commission (June 1999).
|
