How To Protect Privacy Information Online
on October 19th, 2011 at 5:55 amHow To Protect Privacy Information Online
By Charles Blount, Underwood Perkins, P.C., Board Certified-Civil Appellate Law, Texas Board of Legal Specialization
If your company collects information from visitors to its website, your website probably needs a privacy policy. Several legislative schemes that would affect privacy policies have been proposed, and handling or mishandling personal information has become increasingly subject to legal action. The Federal Trade Commission (“FTC”) has also created guidelines to assist companies in developing good privacy policies.
The FTC guidelines address five principles commonly recognized in the U.S., Canada and Europe: 1) Notice, 2) Consent, 3) Access, 4) Security and 5) Enforcement.
1. Notice
Visitors to the website should know who is collecting what information, for what purposes the information may be used, and with whom their information may be shared. Your website should:
- clearly identify your company,
- tell visitors what information the site will collect,
- state all of the ways in which the information may be used and with whom the information may be shared,
- describe the way in which the information is being collected (if it is not obvious),
- state whether providing the information is mandatory or voluntary and list the consequences of refusing to provide the information, and
- describe the steps taken by your company to ensure the confidentiality of the information.
2. Consent
Visitors to the website should have the option to choose how their information is used, particularly with respect to any uses beyond those needed to accomplish the purpose for which they are initially providing information. Secondary uses range from adding a customer to your internal promotional mailing list to sharing information with third parties. Consent can be handled in an opt-in format, with a box being checked to consent to the collection of information, or in an opt-out format, with a box to be checked in order to decline future use of the information. Both formats may also be multi-step, allowing website visitors to consent to or refuse specific uses of collected information.
3. Access
Your company’s website should state how a person can easily and inexpensively obtain access to the personal information collected and provide a relatively simple and inexpensive mechanism permitting the person to contest or supplement incorrect or incomplete data, whether it’s in the hands of your company or a third party.
4. Security
Your website should describe the steps you take to ensure that customer information is securely stored and accessed, and the manner in which it will be destroyed or rendered anonymous when no longer used.
5. Enforcement
In the absence of requirements imposed by external authorities, your company should ensure that customers have a simple and inexpensive way to address concerns about their information.
After taking the time to develop a privacy policy, maximize its usefulness by making it visible, meaningful and effective. The FTC recommends having an obvious link to the policy on the company’s homepage, as well as making the policy easily accessible from any web page on which information is collected.
To discuss your company’s privacy and other issues affected by your company’s online presence, for consultation concerning special rules concerning websites that address children and other specially protected groups, or for other questions, please contact Chuck Blount or Amy Moore at Underwood Perkins P.C. 972.661.5114.
Visit our website at www.texstarweb.com
Charles W. Blount III
Underwood Perkins, P.C.
Board Certified-Civil Appellate Law
Texas Board of Legal Specialization
5420 LBJ Freeway, Suite 1900
Dallas, Texas 75240
(972) 661-511
