Begin Managing Your Risk ... By
Following These Easy Steps
First - determine the type of site you operate
"Brochure - "
site that only
collects personal information from visitors
(such as an email address)
"Ecommerce site"
That takes money
for goods, services or content --- or a site
that has a non-public, password-protected
area where non-public content or services
may be accessed without charge?
Second you need a tailor-made Privacy Policy --- "brochure"
sites need only a Privacy Policy; however ecommerce sites need a Privacy Policy
plus the additional items in Step 3 below.
Do I need a Privacy Policy?
Yes, definitely. Both
brochure and ecommerce sites are
required to have one if they expect
to collect information from visitors
in the United States, including all its
major markets. All you have to do is to
collect only an email address, and you
have crossed the line into the world of
privacy and data security regulation.
What do you mean by collection of information from site visitors?
Generally, your site will collect
visitor information in 2 ways --- either
through a registration procedure that
requires visitors to key in and submit
requested information --- or through
technology-based methodology including
cookies to track navigation; web
tracking software to track computer
data, settings, and navigation; and
clickstream data to track other sites
visited.
Is it OK if I simply post a Privacy Policy that makes general,
well-intentioned statements such as "we respect your privacy"? Isn't that
enough?
No, there are very specific requirements including notice, placement, and content of a Privacy
Policy.
Is it OK to copy someone else's Privacy Policy?
No, aside from copyright infringement issues, there is a serious
question regarding whether someone else's Privacy Policy would fit your specific business and requirements.
Consider this: there are very specific legal requirements for the disclosure of
how visitor data is collected, the identity of categories of parties that are authorized to access or share the
data, and whether and under what conditions third parties may use the data for direct marketing purposes
(including the posting of a specific legal notice). Even if cookies are authorized for data collection, is a
distinction made between 1st party cookies and 3rd party cookies such as Google Analytics?
Just to name a few specific requirements. So, it's obvious that if you copy someone else's Privacy
Policy there may be any number of differences between their site and your
site regarding these issues, and you will not be sure you have considered all
the relevant issues correctly.
So what? What's going to happen to me
if I copy someone else's Policy that does not fit my practices?
You'll probably find yourself on the wrong end of a lawsuit
by a consumer, or by the Federal Trade Commission (FTC) --- and this could cost
you thousands. If your Privacy Policy says one thing, and you do another, or
if you collect or share data in ways that are not properly disclosed, you'll
be in big trouble. Why? It's because the FTC views website Privacy Policies
as enforceable contracts --- and aggressively enforces them. The FTC has
filed a number of suits against website operators for "deceptive practices"
regarding their Privacy Policies. Recent FTC suits include these claims:
deceptive collection of personal information; false promises for
collection of personal information; deceptive sale, sharing, and rental of
personal information; deceptive and false privacy assurances; false claims
regarding data security; data security flaws, lax data security practices, and
data security vulnerabilities that exposed personal information to hackers
and others on the Web; and failure to incorporate reasonable data security
measures. Just to name a few.
OK, so I need a Privacy Policy that is
tailored to fit my business. Is that all that's required to take care of my
privacy requirements?
No. You're not covered yet. You'll also
need confidentiality agreements binding your employees and contractors -- and
any and all service providers that have access to your site and related
databases. Think about it --- how effective would your Privacy Policy be
if your employees could divulge covered data, or worse, if your website
developer or hosting service provider could access all covered data archived
in your site or servers without restriction?
What solution does Protect-Your-Business.com offer?
If all you need is a Privacy Policy, we offer our Privacy Policy Kit.You'll confidently and cost-effectively take
control of you privacy requirements and draft your Privacy Policy plus
confidentiality agreements for your employees, contractors,
and service providers. Our easy-to-use, wizard-based, online
solution will do all the work for you --fast! We guide you
step-by-step through the process -- plus we provide
development notes for you to pass along to your website developer.
Third
- if your site is an ecommerce
site --- that is, if your site
sells goods, services, or content where
money is exchanged --- or it it has a
non-public, password-protected area
where non-public content or services may
be accessed without charge, then the
number of elements to consider in
managing your risk, in addition to your
Privacy Policy, increases significantly.
What do I need for website legal
compliance for an ecommerce site?
You'll
need some combination of the following:
Privacy Policy,
Confidentiality Agreements for
employees, contractors, and service
providers, Terms of Use, Account
Agreement, Membership Agreement,
Subscription Agreement, ASP Services
Agreement, Terms of Sale Agreement,
Content License Agreement, Software
License Agreement, DMCA notice and
Registration Form, Intellectual Property
Notices, Warranties and Disclaimers,
Limitations of Liability, Indemnities,
Dispute Resolution Provisions,
state-mandated consumer rights notices,
money-back guarantees, and jurisdiction
and venue provisions. Just to name a
few. Plus, you'll need to know how to
incorporate these elements into your
site --- simply having the correct
agreements and notices is not enough.
OK, I don't even
want to know all this stuff --- so, how do I get the job done?
It is
recommended that you consult with an
attorney who is experienced in
representing website owners in website
legal compliance matters. You don't
want to pay someone to do research.
Even then, it will be relatively
expensive (generally, several thousand
dollars), but you'll be covered.
I'm a small business.
How do I get the job done affordably?
Protect-Your-Business.com offers our
Ecommerce Kit, a one-stop,
online solution for website
legal compliance for small business
ecommerce websites. We'll assist you in
determining which documents, notices,
and contracts you need. Then you'll
confidently and cost-effectively take
control of your website legal
compliance. Our easy-to-use,
wizard-based, online solution will do
all the work for you in drafting your
documents, notices, and contracts ---
fast! We guide you
step-by-step through the process-- plus we provide
development notes for you to
pass along to your website developer.
Or, if you
require the cost-effective assistance of
an experienced attorney, we provide the
additional option of Chip Cooper's
law firm to do all the work for you.
Congratulations! Now you’ve determined what you need to implement to manage your risk.
Now you simply use our affordable, easy-to-use, wizard-based, online solution to draft your website contracts, documents, and notices.
Click on Three Options, and select the option best suited for your website legal compliance.
