It is no secret that the public’s concerns over the use and protection of their personal data has intensified in recent years. Today businesses that collect the personal information of their customers are expected to establish and maintain detailed and effective plans to safeguard the storage and use of private data. But not only are these protections and policies expected by consumers, in most circumstances, commercial online businesses are required to publicly post and implement their own privacy policies.
- The name of the business (or individual) that owns and operates the website.
- What information is being collected? This may include names, email addresses, phone numbers, social media information, mailing addresses, and financial transaction data like credit card or bank account numbers. You should also include any categories of information logged by your servers like IP addresses and hostnames.
- How is that information being collected? Does your website utilize cookies, web beacons, or other automated collection processes, in addition to utilizing web mailing lists, web forms, online message boards, comments sections, and account registrations?
- How is the information stored and whether the collection and storage is encrypted or safeguarded in another way from hackers and malicious attacks?
- What do you do with their information? If you plan to sell or disseminate it in any way to a third party, this must be disclosed.
- You must also disclose the use of third-party links on the site and any third-party services used to collect, process or store information, like email newsletter services and advertising networks (e.g. Google Adsense).
- The contact information for the business so that users can contact you with any questions.
- If your site serves an audience under the age of 13, Federal Law requires you make certain disclosures consistent with the Children’s Online Privacy Protection Act of 1998 (COPPA).
- Any commercial site accessible in California must include language mandated by the California Online Privacy Protection Act.