My April, 2010 Montana InBusiness Monthly column
Having clear written policies concerning your business is good business. You might already have notices posted at your place of business, such as “No Shoes, No Shirt, No Service,” as well as more serious boilerplate printed on your sales receipts concerning product returns and warranties.
But are you forgetting your online business presence? You have clear policies available for your customers who walk in off the street; having clear policies online is also a good idea, because you may have just as many people viewing and using your Web site as the customers who visit your “real” store.
Obviously, a “No Shirts, No Shoes” policy is meaningless online, but there are specific aspects of your Web business that should be covered by a clear policy, like a privacy policy that covers customers’ information.
Any business with a Web site needs a clear outline of what kinds of information that business collects online, what is done with it and how it is protected. Check any newspaper or news site for recent stories of privacy gaffs and breaches of personal information at Web sites and you’ll see the need, even for a small business.
First, be aware of what you collect on your Web site. (If you don’t know, ask your Web site administrator.) Gathering names and e-mail addresses is common, and that’s obviously information that needs to fall under a privacy policy. What are your written policies for handling that information?
If you don’t collect e-mail addresses on your site, but use software to track Web site “hits” and traffic, be aware that that information should be covered in your privacy policy. Web site statistics can contain information that can be used to identify users in some cases. How long do you keep those stats and how detailed are they?
And be aware of services that you may add to your site and how they may affect your privacy statement. For instance, if you start running ads on your Web site, those ads will place cookies and track users, and that could make your privacy policy moot, if you state in your policy that your site doesn’t use cookies or track visitors.
Those cookies might be first-party cookies – from your own site – or third-party cookies, from the advertisers themselves. Those advertisers will inform you of their cookie polices and should provide the necessary privacy statement to put on your own site.
Does your site have outbound links? You might want a “leaving page” that states to your users that they are leaving your site and that the linked site will have different privacy policies.
Treat your Web site privacy policy as a serious matter, and if you’re in doubt about the wording or the liability involved, talk to an attorney.
Read some of the privacy policies at other Web sites to get an idea of what you might need. There is a sample privacy policy at the Better Business Bureau’s Web site.
Privacy policies apply to governments, too. The state of Montana is one of 16 states that require state government Web sites to display a comprehensive privacy policy. Read the Montana statewide information systems policy and it might give you some ideas of what you need in your own policy.