Up until about 10 years ago, the rules governing companies providing access to customer information were at best a gray area. Just within the last year, Americans have witnessed the infiltration of hackers into banks, credit card companies and government agencies. Rightfully so, people are becoming increasingly more cautious about providing access to their personal information. This new level of scrutiny has come on the heels of too many companies misusing or failing to protect information accumulated through the company’s website. Furthermore, consumers are becoming increasingly more leery of the ability of technology to prevent violation of their privacy.
- Introduction – This section might include a little information about the company, the reasons for collecting data and any special restrictions on the data collected.
- Information Collected – This section should be used to tell people exactly what information your website is collecting. Other than host names and IP addresses, customers will most likely be aware of what’s being collected since they are filling out forms or answering questions. That said, the policy still needs to state what information is being collected.
- Method of Collecting Information – This section specifies which forms and queries are being used to collect information.
- Information Storage – This section should be used to detail how and where information is being stored as well as how the information is being protected. Also, this would be the place to disclose whether or not you intend to share the information as well as with whom and why.
- Contact Information – In this section, you want to indicate the company want to be transparent by offering an email address, physical address and phone number for people to use should the have questions or problems.
Knowing The Law
Make sure to familiarize yourself with information provided by various US federal and individual state regulations and policies including (but not limited to): COPPA, FERPA, HIPPA, and others.