Does your Web Site collect information?
Does your Web Site post a privacy policy?
If not, post one today. Here’s how:
Consumers and government regulators are looking at Web Sites to determine how well business protects consumer privacy. The first thing they look for is a prominently posted and clearly written privacy policy.
The Privacy Alliance encourages all commercial Web Sites to post such policies. A good privacy policy informs consumers about what information the Web site collects and what it does with that information once it is collected. In developing your own privacy policy, ensure that it contains all the elements of the Alliance Guidelines and that the policy is backed up by effective enforcement. To help businesses seeking to develop and post a privacy policy, we have compiled a list of useful resources, which you’ll find below.
Base Your Privacy Policy on Credible Guidelines
Make sure you take a look at our Guidelines for Online Privacy Policies. These Guidelines discuss the key elements to be considered in creating a privacy policy:
- Notice and Disclosure
- Choice/Consent
- Data Security
- Data Quality and Access
For more detailed information about our Guidelines, see the Privacy Guideline Commentary, [Word 6.0], [PDF]
In the special case of children, the Online Privacy Alliance recommends against the online collection of contact information from children under 13 without prior parental consent, or direct parental notification of the nature and intended use of this information. For more on kids’ privacy, be sure to see our Kids Privacy Guidelines as well as the Federal Trade Commission’s Rule regarding the Children’s Online Privacy Protection Act.
If your site does not have a privacy policy, or if your current policy does not conform to the criteria above, check out the resources below.
Resources
Enforcement Guidelines
The Online Privacy Alliance believes that validation of privacy policies by trusted third parties may be necessary to grow consumer confidence. In our Guidelines for Effective Enforcement of Self Regulation, the Alliance describes how Web operators should assure that their privacy policy commitments are enforced by third parties.
Enforcement Programs
Seal Programs: The Alliance supports third-party enforcement programs that award an identifiable symbol to signify that the Web operator has implemented and is abiding by effective privacy practices. These enforcement programs are often referred to as “seal programs” and the Alliance has identified several that meet the description set forth in our Guidelines for Effective Enforcement of Self Regulation.
Other Enforcement Programs: Other groups have established programs to assure that Web operators comply with their stated privacy practices.
- The DMA Privacy Promise
- The Individual Reference Services Group commitment to Third-Party Assessments
Government Enforcement: The Alliance believes that the enforcement of existing laws by government, combined with industry self-regulation, creates “adequate” safeguards for the protection of personal information collected online in the United States. The Alliance’s Legal Framework White Paper details this “layered” approach. Legal Framework White Paper, Word 6.0, PDF
Other Helpful Resources
Privacy Seminar:
The Software & Information Industry Association has created a set of resources to help businesses develop online privacy policies. The seminar explores how privacy laws affect online business, identifies elements of an effective privacy policy, provides checklists for policy development, and supplies a wealth of additional resources for the business community.
Diagnostic Tool:
The United States Council on International Business’ (USCIB) Information Policy Committee and Working Group on Privacy and Transborder Data Flows developed the USCIB diagnostic as a tool for use by companies in developing effective privacy guidelines.
Privacy Action by Industry Leaders:
This list is a partial review of what some Online Privacy Alliance member companies and trade associations have done to help develop a system that safeguards privacy through rigorous, self-regulatory policies and practices.
Privacy Enhancing Technology Tools:
Check out the growing range of new technological tools available to help consumers control the information they share, surf anonymously, and remove their name from e-mailing lists.
Seal Programs and Other Third-Party Enforcement Programs
The Better Business Bureau OnLine
For a half-century, consumers have looked for a BBB seal to confirm that a business is engaged in ethical business conduct. Today, the BBB has two similar programs for electronic commerce–a reliability seal program and a new privacy seal program. Companies that meet high BBBOnLine Standards for protecting personal privacy will exhibit a BBBOnLine privacy seal on their web sites. The privacy seal will provide consumers with assurance that a website collecting personal information says what it does, does what it says, and has its Privacy Policies and Practices verified by the Better Business Bureau Online. The program includes a state of the art mechanism for consumer recourse. A seal program for children’s sites is also available.
With the CPA WebTrust Program, a specially licensed Certified Public Accountant examines a company’s website to ensure that its Internet transactions meet the program’s accepted high standards in three key areas: information protection (including security and the protection of private information), business practices and privacy (which includes testing of an on-line business’s privacy policies and stated business practices), and transaction integrity (which includes testing to ensure transaction validation, accuracy of processing and billing, and on-time delivery of goods or services). If all criteria are met, the website receives a WebTrust seal, which is reviewed at least every 90 days by a licensed CPA. WebTrust’s features include a built-in consumer recourse mechanism, a digitally secure seal that is protected by industry-leader Verisign, ease of recognition by consumers, and ease of implementation by business.
Entertainment Software Rating Board
ESRB Privacy Online is a comprehensive, cost-effective seal provider service created by the Entertainment Software Rating Board. As a leading self-regulatory body for the better part of a decade, ESRB is committed to protecting personal information collected and exchanged over the internet. Internet through broadband is especially vulnerable to privacy issues due to its usually fixed IP address, which can identify the user even when surfing anonymously. This privacy program is especially dedicated to protecting the personal data of children through its Principles and Guidelines for Fair Information Practices, educational services and its easily recognizable seal. Participating companies must create and abide by an approved privacy policy and submit to ongoing oversight mechanisms including: periodic monitoring, random seeding, and an online consumer hotline. Other program features include: free alternative dispute resolution services, an online privacy statement “Composer,” and a team of legal and business experts trained to assist Web publishers in creating effective, easily understood privacy statements.
TRUSTe is a non-profit, third-party oversight “seal” program, committed to building users’ trust and confidence in the Internet and accelerating growth of the Internet industry. Licensees are able to display the TRUSTe trustmark after they have agreed to abide by certain data practice and disclosure standards. TRUSTe provides ongoing oversight and resolution processes. A seal program for Children’s sites is also available. The TRUSTe site offers a privacy statement “Wizard” as well as resources for Web site publishers and consumers.
DMA Privacy Promise
The DMA Privacy Promise seeks to “raise the bar” for privacy practices by ensuring that DMA members adhere to certain privacy practices, and by challenging all non-DMA industry members to meet this high standard as well. You can learn more about the Privacy Promise by reviewing the Privacy Promise Compliance Guide at the DMA Web site. If you are a DMA member, you can obtain specific information about what you must do to comply with the Privacy Promise in the members only section.
Individual Reference Services Group
If your company is in the individual reference services business (i.e. providing information that assists users in identifying and locating individuals), then you might consider joining the Individual Reference Services Group (“IRSG”). Compliance with the IRSG “principles” is enforced by annual outside assurance reviews.
Some government sites to look at:
US Federal Trade Commission “About Privacy” Web Site
Information about what the US Government is doing to address consumer concerns about privacy online.
Public Interest Groups:
The following public interest organizations’ sites may be of interest:
- Electronic Privacy Information Center (EPIC)
- Electronic Frontier Foundation (EFF)
- Center for Media Education (CME) Section on Online Advertising and Children