24 January 2020
Privacy Policies are written statements that let your clients, customers, or website visitors know exactly what personal information you are gathering from them, and how that information will be used, managed, and disclosed to others.
In the US, the Federal Trade Commission (FTC) has provided guidance on the use of these agreements, and all states have laws requiring at least a minimal disclosure of exactly what information is being collected and how that information will be used.
Before you begin to draft this legal agreement, read this checklist to make sure you can keep your customers informed and your business compliant when dealing with personal information collection.
Identify all of the types of personal information you collect, as well as:
Include information about how people can request to see what information you've collected, and either make changes themselves or request that you make changes.
Describe any processes you have in place, such as contact forms, email addresses or account sections where users can access this information.
Additionally, you must disclose how your website responds to any actions a client or customer takes to maintain privacy, such as enabling the "Do Not Track" web browser setting. CalOPPA requires this disclosure in the US.
Disclose whether third parties have access to the data you collect or are collecting this data themselves through your business.
Always include the effective date of the policy, and describe the process that you will use to notify users of any material changes to your policy.
The footer of websites and the Legal section of your mobile app are common placement locations.
Keep in mind that agreements between central businesses often translate through to subsidiaries and affiliates, so one contract can have long-running ramifications.
Passive tracking methods include cookies, pixel tags, web beacons, browser fingerprinting, and other simple but material ways of tracking users.
Misrepresentations here can lead to charges of deceptive advertising. Even the smallest and simplest tracking method needs to be disclosed.
With the collection of personal information comes the drive for appropriate privacy.
Users don't want you collecting excessive data from them, and you don't want to have to deal with maintaining and disclosing this excessive collection.
Because of this mutual wish for minimal data collection, there is a new trend towards considering privacy from the beginning and only collecting minimal and necessary data. When developing your website or mobile app, keep this in mind.
Design your websites or mobile apps with a drive for privacy to avoid complications with lawsuits and lengthy and complex legal agreements.
Always give your users the option to opt out of any marketing communications, or require them to opt in explicitly.
This makes it easy when it comes to consent and notice requirements because your customers will always be consenting to receive your communications.
This isn't required of all businesses, but it's a best practice for any business and may become a legal requirement one day.
By documenting what your business will do to protect the collected data, you will be favorably regarded by your customers and third-party collaborators, and you will help avoid potential future data disasters, or at least know how to deal with one if it arises.
Online Behavioral Advertising ("OBA") works by collecting data about what someone views online and then tailoring advertising specifically to the personal interests of the individual at a later date and on a different website.
Retargeting, also known as remarketing, is an example of Online Behavioral Advertising. If your business has started running any retargeting campaigns, make sure to follow the requirements of the various platforms you use:
Before data can be collected about anyone under the age of 13, aside from the fact that the individual is under the age of 13, parental consent must be obtained.
If your website or mobile app is not directed towards children, take steps to ensure you are not collecting data from these children to avoid a violation of the Children's Online Privacy Protection Act (COPPA).
If your company develops a website and/or mobile app to be used by children under 13, make sure you comply with COPPA.
Location-based information technology works by tailoring advertising or technological features to an individual based on his or her GPS location, such as in or near a specific store, or in a certain town.
Always give notice to your customers about how this location information will be collected, used, shared and disclosed.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.