Editor’s note: This is an extremely important post written by the highly qualified Sara Hawkins.
The Federal Trade Commission (FTC) oversees consumer-focused business privacy laws and policies in the US. For over 40 years, the FTC has been protecting consumer privacy. Companies have had to have privacy policies for their off-line interactions with customers, but in the past decade we’re seeing a trajectory that includes policies for websites and mobile communications. More importantly, more and more consumers under the age of 13 get online privacy concerns for collecting data on children can not be avoided even if your company may not intentionally target that market.
As a consumer, you know you don’t want your private information accessed without permission or shared with third parties without your consent. However, in reality, you also know many social networking and app platforms you access on a daily basis are collecting data and mining your habits. As professionals in the field, you may be aware of how to access the protections. However, the average consumer may not.
While there is no federal law requiring one, the FTC will look for one if there is any question about how your company protects consumers’ private information. Without a clear policy, which is actually followed, the company risks are significantly higher than if there is a policy and the company experienced a one-time breach. In February, 2013, the FTC entered into an $800,000 settlement with an app developer (the largest such settlement of its kind with an app developer to date) due to the interface illegally collecting information on children. The FTC is vigilant in its response to consumer complaints regarding privacy breaches. And this shows the FTC is serious when it comes to protecting consumer privacy despite the speed at which new technologies emerge.
1. Write in language your customers can read and understand. If your target market is children under 13, create a policy for the parent or guardian, and also address the concerns of their children. If your consumers’ primary language is not English provide your policy in their language. In Canada, for example, there are laws regarding the dual-language requirements for online communication.
2. Determine what information you will collect. If you are unaware of what the back-end capabilities are for the interface then bring in the appropriate people to find out. No one is expecting you to understand website architecture, however, if the site is collecting information that is not disclosed or for which there is no meaningful means to opt-out the potential consequence of collecting that data can be very costly. If consumers or users are able to engage on your platform or share images or video, consider those factors and determine what information you want to collect and what information may be required to be collected for legal reasons.
3. Explain how the information will be collected. This is where you need to ensure a plain-language discussion. Don’t throw in a litany of web jargon consumers won’t understand. And, don’t create a long list of any and all information that may or may not be collected. If you don’t track or collect it, don’t say you do.
4. While you may want to ensure confidentiality, be very clear that if compelled by law the information may be shared with third parties.
5. Speaking of third parties, if information will be shared with third parties clearly state what and with whom information will be given. Even if the information is aggregated and not personally identifiable, consumers have the right to know. If individually identifiable information is sold to third parties, be very clear about this fact.
5. Even if it means not being able to access the site, give consumers a way to opt-out of the information collection. If a consumer or site visitor wants to be removed make it easy for them and then follow through. Equally as important is to actually update the records so those who opt-out are no longer having their information maintained or collected.
6. Not only do we make mistakes when we provide information, but information changes. Allow consumers to update and/or change their information. I often suggest having a separate email or specific form just for this purpose.
Disclosure: For information purposes only. The information contained in this article is not offered as legal advice. Please consult a legal professional if you need legal guidance.
Sara Hawkins is the creator of a Blog Law series aimed to help other bloggers, entrepreneurs and online professionals gain legal confidence. Her goal is to make the law understandable and approachable without being overwhelming. On her blog, she also writes about ways to save on everything items so you can stop waiting for “someday.” She can be found on twitter at @Saving4Someday.