Often a web site privacy policy is overlooked, thrown together in haste, or altogether omitted as the site owner is anxious to move on to more glamorous and creative aspects of developing a business home on the Internet.
Privacy policies are sometimes akin to the "fine print" of most lengthy legal documents - something to be tolerated and considered, but probably there only in the extreme case that the user really cares about such things.
I believe, strongly, that the site's privacy policy is very important and something that can greatly enhance the visitor's sense that the site owner really can be trusted - that he/she really does care about the confidentiality of the visitor's personal information.
Remember, on the Internet, trust of the site/company owner is one of the most important reasons that a customer or prospect is likely to hand over personal information and eventually make a purchase of some kind.
What should the site's privacy policy cover?
Does the policy also extend to not just the site but also the site owner's communications with prospects in email, snail mail, advertising, faxes and other business communications?
Of course, these questions are asked because a great privacy policy will help to build trust in potential customers and also help them to feel safe and comfortable in giving the owner an email address for future correspondence.
With CAN-SPAM and other legislation now in place covering all online communications, it is critical to understand what the law says and comply with the requirements totally.
Here are some of the highlights of what your privacy policy ought to contain:
1. A general statement of your web site business support of customer and contact privacy so that the visitor, early on, knows that you have a concern and have addressed that concern already. If the visitor can't find a privacy statement or a formal policy, he is more likely to end any contact with the business immediately.
2. An easy to find "Unsubscribe" link or mechanism. Regardless of the type of web site you run or the type of business niche you're in, the law requires that you provide an easy and convenient mechanism for customers to break the tie with your business. For whatever reason, should the contact decide she wants to stop receiving information from your business, she has the right and prerogative to do that immediately and her request should be honored by you right now!
3. As much as possible, your policy should be easy to understand. Don't bury the details in a lot of verbage and fine print. Be straightforward, concise, and to-the-point. Often privacy statements tend to sound like non-lawyer made up "legalese" (if there is such a word.)
Why be unclear or wishy-washy about this aspect of your business policy? Your customers will be more impressed with your willingness to be straight up with them if you simply and accurately describe how their confidential information will be gathered, kept, stored, and deleted if they so desire.
4. Be clear with the contact about how you will gather and keep (store) personal information. Let the customer know that you intend to NEVER sell, rent, or share their data with anyone.
5. If you do plan to share other web sites, tools, and resources with your customers, let them know that these are trusted sites. Make sure you have visited all the links you give to your contacts as a sort of "pre-screening" so that you don't send your customers to sites that are not what they seem.
Imagine the damage that will be done to your own reputation and your business if you send customers to a link that serves porn, distributes viruses, or in any way is harmful or unwanted by most web users!
6. Be clear about phishing, site napping, and other scams that are rampant online. Chances are, your business won't be a target of these scams if you are a small home operator. The large branded sites are usually the targets of these games, but it could happen to you at some point.
Your goal is to help the customer or contact feel comfortable with your site and its communications. If they understand you're watching for these scams, they will trust that you are professional enough to watch out for their best interests as well.
7. COPPA is the Children's Online Privacy Protection Act and it should be mentioned in your privacy policy. It covers young people under the age of 13 and you need to be aware that for these children a parent or guardian must first give consent before you collect any private or personally identifiable information.
8. It is certainly good policy to let others know that your privacy policy only covers your site and communications from your business. Just because you share a link or make a product recommendation does not mean that your policy covers the customer once they leave your site. Your policy is in force while a customer reads your email or navigates your own site and no where else.
9. Give a clear instruction about what to do if a customer or user has a complaint. Customers want to know that there is a definite and easy way to get ahold of you if they need to for any reason. Make getting in contact a snap!
I suggest giving a phone number, an address, a fax, and an email address for immediate contact. Some businesses don't do this because they are worried about getting put on scraped lists of spammers. But I can tell you positively, that having full contact information is much more satisfying to customers than not seeing that option.
(If you don't want to give an email address to potential contacts, you can always provide a "fill in form" that they can use which is programmed to be sent to your email inbox - this way, your address will never be revealed.
10. Have a professional 3rd party review your policy and make recommendations. While this step may seem costly and not important, I would want my business to be covered to meet all aspects of the law. Hire a person that knows what to look for because, as a non-professional, you will not.
Legislation and best practices change all the time. Stay on the cutting edge of progress. Cover your business and make your customers aware of the fact that you have consulted with proper legal authorities so they can feel secure in dealing with your business.
