We get asked a lot by clients as to what to use for a privacy policy. Although each business may use information differently, good privacy notice should be easy to find, easy to read, and comprehensively explains all your online information practices. It also provides online visitors an opportunity to make informed decisions about the collection and use of their information. As part of good business practices, posting a notice is an important first step in defining your online policies and towards answering one of the major concerns (and barriers) voiced by web-users when going online.
The following sample privacy notice describes basic information practices for a single website directed to U.S. residents. Additional disclosures would be required for website operators that:
* limit the application of the privacy notice to U.S. residents,
* share individually identifiable information collected online with unaffiliated third parties or corporate affiliates not governed by the same privacy policy,
* direct part of their website to children or collect information from online visitors actually known to be children,
* enhance or merge individually identifiable information or prospect information collected online with data from third parties for the purposes of marketing products or services to the subject of that information,
* apply the privacy notice provisions to everyone except those operating solely in a business capacity,
* limit the scope of the BBBOnLine privacy seal by excluding in the application corporate subsidiaries, operating divisions, or websites devoted to other discrete product lines,
* condition access to any part of the website on the disclosure of individually identifiable information,
* allow other organizations to collect individually identifiable information or prospect information by interacting directly with online visitors at the applicant’s website,
* collect passive information (including cookie information) that is linked to a name or similarly specific identifier,
* use prospect information for any purpose other than those for which the information was submitted, or
* limit access to maintained individually identifiable information or prospect information by limiting the frequency of requests or by requiring a processing fee; or limit access due to an inability to retrieve such information in the ordinary course of business.