Almost all Web sites collect and extrapolate information about their users to enhance the users' experience and provide customized services. As technology that tracks and profiles Internet users becomes more advanced, the potential for online privacy violations and consequent liability can be a minefield.
However, by following a handful of basic measures, you can ensure the fair use of information while allowing individuals to participate in decisions on the disclosure and use of their personal information.
Notice. Consumers are entitled to know when information is being collected, how it will be used, and when personal information might be disclosed to others. Notice should include the consequences to the consumer of refusing to give the information. It should also address the issues of choice, access, and security.
Choice. Consumers should have choices about how their information is used or disclosed beyond the original purpose for which it was provided (e.g., to complete a transaction). Choice may be opt-in (e.g., click here to receive valuable information from our sponsors) or opt-out (e.g., click here if you do not want to receive new product announcements). Opt-in affords stronger privacy protection because it establishes a default rule against disclosure and use.
Access. Consumers should have access to stored information about them and an opportunity to correct inaccuracies or delete data.
Security. Web sites should protect the security of the data and ensure its integrity and accuracy.
Enforcement. These principles must be enforced to be effective. You should have procedures in place to address infractions.
No Policy? Significant Liability Risk!
Apart from damaging consumer confidence, a company's failure to adopt and follow reasonable privacy policies creates a significant risk of liability. The development of companywide information collection practices, including notice and disclosure of such practices to consumers, is critical to establishing and maintaining consumer confidence and a viable online presence.
State, Federal, and International Regulation
Internet privacy law is in its infancy. There remains significant uncertainty in this area, given the absence of clear legal precedent; proliferation of privacy-related litigation nationwide; and the emergent body of state, federal, and international regulation. For example, federal banking regulators are accepting comments on proposed privacy regulations for financial institutions.
Since the passage of the Gramm-Leach-Bliley Act of 1999, state legislatures have been preparing privacy statutes and regulations that will affect companies from many industries. The Yahoo! Inc., DoubleClick Inc., and Amazon.com Inc. litigations, and the class actions filed against RealNetworks for secretly tracking the music listening habits of its users through RealJukebox (free software downloaded from the RealNetworks Web site), all reflect the propensity of the dot-com world to become involved in litigation alleging privacy violations.
Online Privacy Resources
There are many online resources that are excellent for small businesses. For example, the Online Privacy Alliance Web site is an excellent educational resource. The alliance has roughly 100 corporations and associations as members, and is committed to working with government to avoid having the public debate over Internet privacy result in unnecessary anti-industry sentiment. Also, there is an extensive hyperlinked reference to privacy-related news stories and legal resources, the E-CommerceLaw Source.com.
The discussion above is for informational purposes only and is certainly not a substitute for consulting a qualified lawyer to examine the issues and risks of your particular venture.
Copyright © 1995-1999 Pinnacle WebWorkz Inc. All rights reserved. Do notduplicate or redistribute in any form.