Besides the fact that all Online Privacy Alliance members are required to post privacy policies on websites, there are other legal reasons you may need to do so. While the United States does not have any Federal laws that require the posting of privacy policies on websites, many individual states do have this type of legislation. Additionally, the countries within the European Union (EU) have also enacted similar legislation that requires websites that collect personal or identifiable data to post privacy policies regarding its use.
Notice of Data Collection
To satisfy Online Privacy Alliance's requirements for providing notice of your Privacy Notice to site users, you must post a link to the document page in a conspicuous, easy-to-find location. The easiest way to satisfy the posting notification requirement is to post the link on the home page of your website and ensure that the font used is large enough for site visitors to view easily. This is particularly important because the policy must be available for users or visitors to review - before they ever submit any private or personally identifiable data on your website.
Disclosure of Policies
The disclosure also applies to any outside or third-party companies or entities to whom data or information may be sold, give, transferred or otherwise disseminated. If your site or organization engages in the sale or transfer of personal or identifiable data or information, you must list the name, address and contact information of any entities that may receive, view or access the data. Likewise, if you store customer or visitor data or information off site or on a third-party server, you must list the name of the person or entity that owns the location, applicable email addresses and contact information.
Purposes of Collection
Consent to Collect Data
Security of Collected Data
User Access to Data