You finally created your website.
- Did you include eye-catching graphics? Check.
- Did you include an attention-grabbing banner slogan?
- Did you post all of your social media handles?
Second, certain industries such as banking, healthcare, and companies marketing to children are required to comply with specific data and privacy laws and regulations may at least obliquely address public statements that are made about privacy and data security practices.
The FTC, which under Section 5 of the Federal Trade Commission Act has the power police deceptive and unfair trade practices, assesses website privacy policies through the lens of consumer expectations. Along these lines, absolute statements such as “we never share your information with anyone” are not considered a best practice. Alternatively, ambiguity about practices regarding certain categories of information is not advisable. The FTC previously provided guidance stating that website privacy policies should provide “clear” and “prominent” notice to consumers regarding a website owner’s collection and use of PII, including but not limited to:
- The specific elements of information collected, (i.e., name, addresses, email addresses, etc.);
- The intended use;
- The third parties to whom such collected information is disclosed;
- A consumer’s ability to access such information and the method to obtain such access;
- A consumer’s ability to remove such information from a website’s databases and the manner in which this may be accomplished; and
- Procedures to delete PII from the website owner’s company databases and any limitations to such deletion.
Website privacy policies should disclose collection practices that are both apparent and non-apparent. An apparent collection practice may involve information collected from consumers in response to an online form that requests PII. A non-apparent collection practice includes information that is automatically collected through the operation of a website. Along these lines, a website should disclose how the company utilizes cookies, web beacons, and other tools that may gather PII and non-PII, what information is collected, and how this information is used. Remember, “do what you say.”
Style and Tone of Website Privacy Policies
“Say what you do, and do what you say.”