The Internet has brought a lot of benefits to people, but it has its share of loopholes as well. There are several malicious people lurking on the web who try to misuse people's confidential contact information and wreak havoc in their lives. Hence, every site owner needs an Internet Privacy Policy to convince visitors that the site is safe to use.
As a matter of fact, when people visit a web site for buying a product or service, they look for an online privacy policy. It gives them a feeling of security and peace of mind. Having a privacy policy also gives one's site a professional image. The site owners who are planning to apply for Google AdSense must have a privacy policy for their sites. This norm has been introduced by Google in AdSense's terms and conditions.
However, an effective privacy policy goes beyond declaring that a company will ensure the private information of its customers will remain private. A site owner needs to keep certain guidelines in mind before creating a privacy policy for the customers. It would be advisable for the owner of a site to review the existing privacy policy laws. To develop a comprehensive and effective privacy policy, a site owner needs to check various aspects of policy making, such as the type of data and the way it is stored. Some web sites use cookies to gather visitors' private data.
One also needs to know the rules for making a privacy policy for a web site. For example, a web site containing economic and health care issues is required to comply with specific client privacy laws. It is always better to let the customers know why and how their personal information needs to be collected.
A person who wants to be on the safer side when making a privacy policy for his site can consult a privacy specialist or lawyer. One can also search the Internet for relevant tips on making an effective privacy policy. For many site owners, privacy policymaking means focusing on the clients and company. However, some companies choose to include employee privacy parameters in the policy concerning their customers. But if the issues are separate, one can think of making an employee-centric privacy policy.
It is not adequate to just make a privacy policy on paper. A site owner also needs to adhere to the client privacy policy under all circumstances. In case a site owner is worried about making the perfect privacy policy he can take the help of the Free Privacy Policy Generator. This advanced software takes little time to generate a professional privacy policy that is compliant with COPPA and Google laws. For finding more information on this user friendly and useful software one can log in to the site freeprivacypolicy.com.
In addition, the Federal Trade Commission (FTC) continues to aggressively file suits for security violations under Section 5 of the FTC Act which prohibits unfair or deceptive practices.
A good example is the enforcement action brought by the FTC against LifeIsGood.com for failure to implement reasonable and appropriate data security measures. This case is significant because the FTC expects all sites to follow guidelines provided in the settlement of the case.
Lifeisgood.com's Privacy Statement
Life Is Good collected sensitive consumer information, including names, addresses, credit card numbers, credit card expiration dates, and credit card security codes through its website. Its privacy policy claimed: "We are committed to maintaining our customers' privacy. We collect and store information you share with us - name, address, credit card and phone numbers along with information about products and services you request. All information is kept in a secure file and is used to tailor our communications with you."
The FTC Claims
The FTC alleged that, contrary to its privacy policy, Life Is Good failed to provide reasonable and appropriate security for the sensitive consumer information stored on its computer network.
Specifically, the FTC alleged that Life Is Good:
1. unnecessarily risked credit card information by storing it indefinitely in clear, readable text on its network, and by storing credit card security codes;
2. failed to assess adequately the vulnerability of its Web site and corporate computer network to commonly known and reasonably foreseeable attacks, such as SQL injection attacks;
3. failed to implement simple, free or low-cost, and readily available security defenses to SQL and similar attacks;
4. failed to use readily available security measures to monitor and control connections from the network to the Internet; and
5. failed to employ reasonable measures to detect unauthorized access to credit card information.
The Settlement
In its settlement with the FTC announced in a press release dated January 17, 2008, Life Is Good agreed to implement the following 5 administrative, technical, and physical safeguards in the future. These 5 safeguards are 5 excellent tips -- delivered straight from the FTC -- that you should also follow:
1. Designate an employee or employees to coordinate the information security program.
2. Identify internal and external risks to the security and confidentiality of personal information and assess the safeguards already in place.
3. Design and implement safeguards to control the risks identified in the risk assessment and monitor their effectiveness.
4. Implement reasonable measures regarding the selection and management of service providers who have access to customer personal information.
5. Evaluate and adjust its information-security program to reflect the results of monitoring any material changes to the company's operations, or other circumstances that may impact the effectiveness of its security program.
Conclusion
Sometimes form is as important as substance. What I mean is how you do something, and the fact that you documented it at the time you actually did it, is sometimes just as important as the fact that you did it.
The settlement safeguards in the Life Is Good case are a prime example. Simply having what you believe is a good data security program is one thing, but being able to document that you went through the steps outlined by the FTC is another.
The Life Is Good case points the way to what will work for data security. So, it's highly recommended that you set up a filing system that preserves your documentation and indicates you went through these steps, and when you did it. Then set up a tickler to remind you to go through the steps on an annual basis.
We know that there is no data security program that is 100% safe from illegal intrusions. If you have an unfortunate data security breach, it's likely the FTC or a state regulator will come knocking at your door. That's why it's so important for you to be able to produce a file that clearly shows you implemented reasonable and appropriate data security measures in accordance with the FTC guidelines.
Elton Jenkins and Chip Cooper are contributors for EditorialToday. Chip Cooper is a leading attorney representing software and ecommerce businesses nationwide in the areas of intellectual property, software, and ecommerce law.