- Type of personal information collected actively – List the personally identifiable information collected actively from each user such as name, e-mail, work address, telephone number, and credit card number, and any anonymous demographic information collected, including age, gender, preferences, interests, and favorites. Inform the customers how this information is collected and whether providing this information is a prerequisite to using the small business’s website.
- Type of information collected passively or automatically – If the business has a web presence, list the information collected through the use of “cookies” or other similar technologies. Inform users of the reason for collecting the information and whether the information will be disclosed to third parties. Give a brief explanation of any technical terms, such as cookies, and how users can turn them off in their browsers.
- Information sharing – Explain the need for sharing the user’s information with “trusted partners” for certain purposes for the benefit of the customer or to better serve the customer in the future. For example, list activities related to the delivery of the merchandise and third-party analysis of customer preferences. Also, include language informing customers that the small business has the right to disclose information if legally compelled to do so (i.e. through a court order, subpoena, or upon a merger or acquisition of the small business).
- Security – Outline the measures that the small business is taking to protect the customer’s personal information. Pay attention to the wording of this provision and be specific on the security that the small business will provide. The Federal Trade Commission takes very seriously the promises made by businesses to protect the consumer’s personal information and will prosecute for unfair or deceptive practices.
- Opt-out provisions – Describe the process for users and customers to opt out or unsubscribe from the promotions, special offers, and solicitations offered by the small business and its trusted partners. Give customers a reliable timeframe for when they can expect the solicitations to cease, if not immediately.
- Avoid jargon. If you have to use technical terms, such as cookies or SSL (Secure Sockets Layer), be sure to explain them in understandable everyday language.
- If your business is directed to children or collects information from children under 13 years of age, review and implement the requirements imposed by the Children’s Online Privacy Protection Act (COPPA).
- Conduct market research of published privacy policies of other similarly-situated small businesses to determine the standard practices. As your business grows, review the more comprehensive privacy policies of businesses such as Amazon.com and Barnes and Noble.
- Highlight the small business’s goodwill and commitment to privacy by listing what the company does not do with the consumer’s information such as sell, rent, or lease it to third parties.
- Obtain a privacy trust seal from a well-recognized trust service provider such as TRUSTe or Trust Guard to build client confidence.
Image Credit: taylorschlades / morgueFile.com