E-commerce: the importance of having a privacy policy

A privacy policy, also known as an information management policy, is an agreement between the operator of a website and a user of the website that determines how the operator intends to use, collect, store, share and protect the data that the user shares through interactions with the website. Even a little over a decade ago, some commercial websites had no privacy policies, but now, virtually every website has one. These policies, which should be separate from the website terms of use agreement, are a necessity for a number of different reasons.

The policy can foster transparency and trust between operators and users

In relation to privacy policies, website users generally want to know two things: what information the website collects and how that information is used. Best business practices dictate that website operators let users know the answers to those two questions and let them know how to control that usage.

Some websites inform users that they simply collect information for their own use, and other websites disclose that they provide that information to third parties under certain circumstances. eBay’s privacy policy, for example, tells users that it does not “disclose their personal information to third parties for their marketing and advertising purposes” without the explicit consent of the user. The policy says that eBay can share personal information with third parties when necessary to prevent fraud or to use the main functions of the eBay website. The expanded version of eBay’s easy-to-read policy could be enhanced by specifically informing users at which points in the service information is collected and how it is shared at each point.

A website must also update users whenever the privacy policy changes. You must inform users when the new policy will take effect, and you can allow users to accept the changes either explicitly through a dialog box or implicitly through continued use of the website.

The policy can help protect you from legal liability

Although there is no general federal law outlining the privacy policy requirements for websites that collect information from adults, there are several state laws and federal laws specific to minors. For example, the California Online Privacy Protection Act of 2003 (OPPA) requires that website privacy policies contain certain information, including: “personally identifiable information collected, the categories of parties with whom it may share this personally identifiable information and the process for notifying users of material changes to the applicable privacy policy.” The Children’s Online Privacy Protection Act (COPPA) requires operators to maintain a privacy policy if the website is directed at children under the age of 13 or knowingly collects information from children under the age of 13.