|
|
|
|
Does
your Web Site collect information?
Does your Web Site post a privacy policy?
If not, post one today. Here's how:
|
|
Consumers
and government regulators are looking at Web Sites to determine
how well business protects consumer privacy. The first thing they
look for is a prominently posted and clearly written privacy policy.
The Online Privacy Alliance encourages all commercial Web Sites
to post such policies. A good privacy policy informs consumers
about what information the Web site collects and what they do
with that information once it is collected. In developing your
own privacy policy, ensure that it contains all the elements of
the Alliance Guidelines and that the policy is backed up by effective
enforcement. To help businesses seeking to develop and post a
privacy policy, we have compiled a list of useful resources that
you'll find listed below.
Base
Your Privacy Policy on Credible Guidelines
Make sure you take a look at our Guidelines
for Online Privacy Policies. These Guidelines discuss the
key elements to be considered in creating a privacy policy:
In the special case of children, the Online Privacy Alliance recommends
against the online collecting of contact information from children
under 13 without prior parental consent, or direct parental notification
of the nature and intended use of this information. For more on
kids privacy, be sure to see our Kids
Privacy Guidelines as well as the Federal Trade Commission's
Rule
regarding the Children's Online Privacy Protection Act.
If your site does not have a privacy policy, or if your current
policy does not conform to the criteria above, check out the resources
below.
Resources
Enforcement
Guidelines
The Online
Privacy Alliance believes that validation of privacy policies
by trusted third parties may be necessary to grow consumer confidence.
In our Guidelines for Effective
Enforcement of Self Regulation, the Alliance describes how
Web operators should assure that their privacy policy commitments
are enforced by third parties.
Enforcement Programs
Seal
Programs: The Alliance supports third-party enforcement
programs that award an identifiable symbol to signify to that
the Web operator has implemented and is abiding by effective
privacy practices. These enforcement programs are often referred
to as "seal programs" and the Alliance has identified several
that meet the description set forth in our Guidelines
for Effective Enforcement of Self Regulation.
Other Enforcement Programs: Other groups have
established programs to assure that Web operators comply with
their stated privacy practices.
Government
Enforcement: The Alliance believes that the enforcement
of existing laws by government, combined with industry self-regulation,
creates "adequate" safeguards for the protection of personal
information collected online in the United States. The Alliance's
Legal Framework White Paper paper details this "layered" approach.
Legal Framework White Paper,
Word 6.0, PDF
Other
Helpful Resources
Privacy
Seminar:
The Software
& Information Industry Association has created set of resources
to help businesses develop online privacy policies. The seminar
explores how privacy laws affect online business, identifies
elements of an effective privacy policy, provides checklists
for policy development, and supplies a wealth of additional
resources for the business community.
Diagnostic Tool:
The United
States Council on International Business' (USCIB) Information
Policy Committee and Working Group on Privacy and Transborder
Data Flows developed the USCIB diagnostic
as a tool for use by companies in developing effective privacy
guidelines.
Privacy Action by Industry Leaders:
This list
is a partial review of what some
Online Privacy Alliance member companies and trade associations
have done to help develop a system that safeguards privacy through
rigorous, self-regulatory policies and practices.
Privacy Enhancing Technology Tools:
Check out
the growing range of new technological
tools available to help consumers control the information
they share, surf anonymously, and remove their name from e-mailing
lists.
Seal Programs and Other Third-Party Enforcement Programs
The
Better Business Bureau OnLine
For a half-century,
consumers have looked for a BBB seal to confirm that a business
is engaged in ethical business conduct. Today, the BBB has two
similar programs for electronic commerce--a reliability seal
program and a new privacy seal program. Companies that meet
high BBBOnLine Standards for protecting personal privacy will
exhibit a BBBOnLine privacy seal on their web sites. The privacy
seal will provide consumers with assurance that a website collecting
personal information says what it does, does what it says, and
has it's Privacy Policies and Practices verified by the Better
Business Bureau Online. The program includes a state of the
art mechanism for consumer recourse. A seal program for childrens'
sites is also available.
CPA
WebTrust Program
With the
CPA WebTrust Program, a specially licensed Certified Public
Accountant examines a company's website to ensure that its Internet
transactions meet the program's accepted high standards in three
key areas: information protection (including security and the
protection of private information), business practices and privacy
(which includes testing of an on-line business's privacy policies
and stated business practices), and transaction integrity (which
includes testing to ensure transaction validation, accuracy
of processing and billing, and on-time delivery of goods or
services). If all criteria are met, the website receives a WebTrust
seal, which is reviewed at least every 90 days by a licensed
CPA. WebTrust's features include a built-in consumer recourse
mechanism, a digitally secure seal that is protected by industry-leader
Verisign, ease of recognition by consumers, and ease of implementation
by business.
Entertainment
Software Rating Board
ESRB Privacy
Online is a comprehensive, cost-effective seal provider service
created by the Entertainment Software Rating Board. As a leading
self-regulatory body for the better part of a decade, ESRB is
committed to protecting personal information collected and exchanged
over the internet.Internet through broadband is especially vulnerable to privacy issues due to it's usually fixed IP address which can idebtify the user even when surfing anonmously. This privacy program is especially dedicated
to protecting the personal data of children through its Principles
and Guidelines for Fair Information Practices, educational services
and its easily recognizable seal. Participating companies must
create and abide by an approved privacy policy and submit to
ongoing oversight mechanisms including: periodic monitoring,
random seeding, and an online consumer hotline. Other program
features include: free alternative dispute resolution services,
an online privacy statement "Composer," and a team of legal
and business experts trained to assist Web publishers in creating
effective, easily understood, privacy statements.
TRUSTe
TRUSTe is
a non-profit, third-party oversight "seal" program, committed
to building users' trust and confidence in the Internet accelerating
growth of the Internet industry. Licensees are able to display
the TRUSTe trustmark after they have agreed to abide by certain
data practice and disclosure standards. TRUSTe provides ongoing
oversight and resolution processes. A seal program for Children's
sites is also available. The TRUSTe sight offers a privacy statement
"Wizard" as well as resources for Web site publishers and consumers.
DMA
Privacy Promise
The DMA Privacy
Promise seeks to "raise the bar" for privacy practices by ensuring
that DMA members adhere to certain privacy practices, and by
challenging all non-DMA industry members to meet this high standard
as well. You can learn more about the Privacy Promise by reviewing
the Privacy Promise Compliance Guide at the DMA
Web site. If you are a DMA member, you can obtain specific
information about what you must do to comply with the Privacy
Promise in the members only section.
Individual
Reference Services Group
If your company
is in the individual reference services business (i.e. providing
information that assists users in identifying and locating individuals),
then you might consider joining the Individual Reference Services
Group ("IRSG"). Compliance with the IRSG "principles" are enforced
by annual outside assurance reviews.
Some government sites to look at:
US
Federal Trade Commission "About Privacy" Web Site
Information
about what the US Government is doing to address consumer concerns
about privacy online.
1980 Organization for Economic Cooperation and Development Guidelines
on Privacy and Transborder flows
Public Interest Groups:
The following public interest organizations' sites may be of interest.
|
|
