Until doing the research for this series of articles, I did not have an appreciation for the value and importance of online privacy policies. Don’t get me wrong, I have always been careful about which websites I use for online purchases or online bill-pay. For instance, before doing business online, I always make sure a site uses encryption for secure transactions and I typically only use well known, credible websites.
Also, I never use a debit card online; only credit cards. That provides recourse in the event some type of fraud takes place. However, I must admit, when downloading a free whitepaper or registering for a technical forum or newsletter, I have shared my primary email address and postal address and sometimes even my date of birth. In hindsight, that was not a good idea.
From a consumer’s perspective, sharing any type of personal information online without knowing what is contained in a website’s privacy policy (much less, not knowing whether they even have one) is risky. It can have negative consequences ranging from annoying spam to fraud and identity theft.
From a business owner’s perspective, not having a privacy policy (or worse, having one but not complying with it) can lead to serious legal troubles.
While a privacy policy does not necessarily make a site legitimate, nor does it guarantee that the site operator actually adheres to it, my rule is that I will not share ANY personal information on a site that does not have a privacy policy posted. This series of articles may convince you to do the same.
Privacy Policy Defined?
A privacy policy is a legal document that discloses how personal information is collected, stored, used, shared, and disposed of. It is sometimes referred to as a “privacy notice”, “privacy statement”, “online privacy policy”, or “internet privacy policy.”
From a regulatory perspective, there are different types of privacy policies. While a common element is the safeguarding of sensitive personal information, the type of information, applicable laws, and compliance requirements can vary. The table below shows examples of personal information types and the primary associated laws.
| Information Type | Primary Applicable Federal Laws |
| --- | --- |
| Personally-identifiable information (PII) | Federal Trade Commission Act; Children’s Online Privacy Act |
| Personal financial information held by financial institutions | Gramm-Leach-Bliley Act |
| Personal health information | Health Insurance Portability and Accountability Act of 1996 (HIPAA) |
| Personal credit history reporting | Fair Credit Reporting Act |
| Student educational records | Family Educational Rights and Privacy Act |
Privacy policies are legal documents once they are prominently posted or otherwise explicitly communicated to the public. At that point, federal laws and some state laws specifically require website operators to comply with the promises made in the website’s privacy policy.
The type of privacy policy being discussed in this series of articles deals with personally-identifiable information (PII) collected online by website operators. Interestingly, while the federal government does take action against website operators that violate their own privacy policies, federal law does not explicitly require website operators to have an online privacy policy unless they collect personal information from children under the age of 13. At the state level, legal requirements can vary significantly. This is discussed in more detail in the next post “Are Online Privacy Policies Required by Law?”