Table of Contents
- When Do I Need One?
- The Consequences of Not Using One
Company: The name of the company that owns the website collecting information from its users.
Website: The URL address of the company’s website that the user will be browsing and accessing.
User’s Information: A description of the type of information that the website collects and discloses.
Collection, Use, and Disclosure: What information the company will collect, how they will collect and use the information, and when and to whom they will disclose the information.
- Privacy Statement
- Privacy Notice
- Privacy Page
- Privacy Information Policy
- Personally-identifying information is any information that on its own can be used to identify a specific person. Some examples of personally-identifying information include a person’s name, date of birth, address, email address, marital status, financial records, and medical history.
- Non-personally-identifying information is information that, without the aid of additional information, cannot be directly associated with a specific person. Some examples of non-personally-identifying information include a person’s internet protocol (IP) address, browser type, and location of other websites viewed before arriving at the website.
User input: If a website requires users to register, users will usually have to provide personally-identifying information, such as their name, address, telephone number, email address, age, and/or credit card number. In addition, a website might ask for other information from the user, such as interests, gender, user name and other demographic information.
Derivative data: Most websites collect non-personally-identifying information that web browsers make available, including the user’s IP address, operating system, browsing history, and statistical data.
Web cookies: Web cookies are small text files which are stored on a user’s computer. Each time the user submits a query to the website, the user’s web browser sends the text file back to the website, allowing the website to keep track of users, remember important information and customize web pages.
Web beacons: A web beacon is a small file embedded in an email or web page that allows websites to invisibly monitor a user and see if the user has viewed their content.
Social media: If users can connect their social media accounts to the website, certain information may be disclosed by the social media network to the website.
General use: In general, websites will use the information they collect to help provide and deliver the services of the website and manage and maintain the website.
Email communications: Companies will often use their customers’ names and email addresses to deliver notices and announcements to those customers.
Analytics: A helpful tool for companies is the ability to track and analyze the activities of their users and the traffic on their websites. Companies can use third-party vendors to allow such tracking on their websites.
By law: Companies will have to disclose personal information if it is required by law.
Marketing: Sometimes companies will sell or give their customers’ email addresses to third parties who may send emails about additional products and services.
Business partners and affiliates: Personal information can also be shared with business partners and affiliates.
Third party service providers: Companies will sometimes need to share personal information with third party service providers that help them with the business, such as credit card processors.
3. When Do You Need One?
In the United States, the Federal Trade Commission (FTC) regulates laws and policies regarding the privacy practices of businesses and the protection of their customers’ personal information. The FTC also helps to enforce federal laws concerning the privacy of customers’ information, including the following:
- Fair Credit Reporting Act (FCRA), which limits how companies can obtain and use a customer’s credit and background reports.
- Gramm-Leach-Bliley Act, which requires financial institutions to clearly explain their information sharing practices and also restricts the sharing and use of specific financial information.
- Health Insurance Portability and Accountability Act (HIPAA), which created a “Privacy Rule” that establishes a national set of standards for how health care service providers can use an individual’s protected health information.
The European Union has more established laws regarding privacy protection, including the Data Protection Directive (95/46/EC) and the E-Privacy Directive (2002/58/EC). These directives state that personal information of European Union residents can only be transferred to countries outside of the European Union that have policies with an adequate level of protection.
Although the United States is not currently on the “approved list” of countries, the EU-U.S. Privacy Shield provides a framework for U.S. companies to receive transfer of personal information from the European Union.
4. The Consequences of Not Using One
|Paying hefty fines or having your website shut down||Having your financial information shared and used for fraudulent transactions|
|Being sued by users for improper disclosure of personal information||Having your social information posted online and used for illegal activity, character assassination, or unapproved use|
|Compromising a user’s personal safety||Having your location data posted online and receiving unwanted visitors|
|Lack of trust and credibility||Skepticism and apprehension about doing continued business with a company|