What every website owner should know.
By Mike Young
Maintaining a website means understanding the nuances of privacy policies and establishing those that build trust with visitors, protect users’ information, and comply with complex laws. This is vital information for protecting yourself from lawsuits and government investigations.
General Information About
Website Privacy Policies
Different Kinds of
There are many legal variables at play in e-commerce. For example, the extent of protection under the law varies by visitors’ age groups. Minors who are 13 to 17 years old have some legal safeguards under the law that are unavailable to adults. The Children’s Online Privacy Protection Act, which applies to children under 13, is complex to comply with even if you’re an experienced attorney. It’s important to note your view of who your website visitors are may be different from that of the Federal Trade Commission or a state attorney general’s consumer protection office when trying to protect minors.
Additional protections exist for personally identifiable information, or PII, that can be used to identify or track an individual visitor. This commonly includes a visitor’s full name, credit card number, and home address. You want to make it clear in your policy that other visitors who read PII, which is sometimes posted in blog comments or forum posts, can’t abuse it. You’ll want to prohibit or severely limit the circumstances under which they can use such information without the proper consent.
Other protected information includes that of a visitor’s health. In the United States, there are complex rules affecting website privacy promulgated under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and the Health Information Technology for Economic and Clinical Health Act of 2009. These laws and rules are particularly important to professional health care providers when it comes to protecting patient privacy.
Transparency Is Essential
Privacy and Email Marketing
If a visitor can opt into an email list through your website, you should explain the privacy rights related to the use of his or her email address. You should address whether you self-host the list or use a reputable third-party autoresponder service and whether you use co-registration—opting provided email addresses into multiple lists. Privacy policies should also detail the protection of email addresses visitors post on your site. Is there a reasonable expectation of privacy? Or can others who see it email the person directly?
This article originally appeared on the author’s blog and has been edited and reprinted with permission. Read more at mikeyounglaw.com/website-privacy-policy-faqs.
|MIKE YOUNG is a Plano-based solo practitioner focused on internet law.|