One of the most important things you may do this year is to implement a privacy policy for your web site. That statement may seem overly dramatic, but the proverbial wind is blowing towards federal legislation that will make a privacy policy not just a good idea, but also the law. If you are in the financial industry or your web site has users under 13 years old, you are already covered by legislation mandating a privacy policy. In fact, "Dozens of leading Web sites are adopting the Internet's version of nutrition labels, giving visitors a quick sense of how well they honor surfers' personal privacy." (CNN 2002) With the understanding that a privacy policy is becoming a necessity, let us examine the elements of a good privacy policy and look at some examples (both good and bad), so that you will leave with ideas for your own site. Before we begin, realize that privacy is a large, poorly defined and often contradictory set of ideas, ideals and laws that differ from state to state and country to country. This article is by no means authoritative, and reflects primarily US federal law. There are laws in place that govern individual states, and the European Union has a very comprehensive set of laws pertaining to users' information. Make sure that you consult a professional who has intimate knowledge of the areas in which you will be doing business before you draft your policy.
The primary federal agency in the United States that is responsible for enforcement of existing privacy laws, and for recommending new legislation, is the Federal Trade Commission, hereafter referred to as the FTC. In a 2000 study, titled Privacy Online: Fair Information Practices In The Electronic Marketplace (FTC 2000), hereafter referred to as the FTC Report, the FTC outlines 4 areas that need to be addressed in order to meet their definition of Fair Information Practices. We will look at each area in turn, but first let’s take a quick side trip to existing laws that cover specific market segments.
There are two major federal laws in place that you need to be familiar with and may need to be reflected in the policy that you draft. They are the Children’s Online Privacy Protection Act (COPPA for short) and the Gramm-Leach-Bliley Act. While full coverage of these laws is beyond the scope of this article, we will take a quick look at them before we move on to the FTC recommendations for all consumer related web sites.
COPPA
As its name suggests, COPPA was enacted by Congress to control access to the personal information of children under the age of 13. If you are collecting a full name, home address, phone number, email address or other personal identifying information, you are required to post a link to a disclosure of your information practices prominently on your site. The information must include a full list of the site operators with their contact information, what information you are collecting and how it is being collected, how the information will be used, and whether it will be shared with third parties and if so, their contact information. In no case are you allowed to require the disclosure of more information than is necessary to participate in an activity. Besides disclosing the information that you collect, you must give the child’s parent the opportunity to opt their child out of the data collection and/or the disclosing of information to a third party. Finally, you must give the parent the opportunity to review their child’s information for correctness and to delete it completely. COPPA extends beyond the disclosures that you make on your site. If you fall under the COPPA regulations, consult a legal professional for more information.
GLBA
The Gramm-Leach-Bliley Act (GLBA) places limitations on the disclosure of financial information to non-affiliated third parties. The general concepts of GLBA require financial institutions to provide an opt-out procedure for customers who do not wish to allow their non-public information to be disclosed to a third party. The disclosure requirements and exceptions are very specific and hold the financial institutions that fall under its purview to a higher standard than most other industries. The resources at the end of this article contain a link to the GLBA text on the FTC web site so that you can review the requirements yourself. Since it is a large topic unto itself, as with COPPA, it is advisable to seek legal counsel before you draft your policy.
Ken Wilson has over 15 years of IT experience, primarily in the legal and financial industries. For the past several years his focus has been on Internet development, building systems for dotcoms such as Juniper Financial and Bill-Me-Later.com, and he is currently hard at work on an Investor Portal for Deutsche Bank. Ken is a Senior Architect at Kaloke Technologies, Inc. and a Product Manager for their successful KWML framework.