Council of Better Business Bureaus ®
"Information Security" How to Create an Online Privacy Policy
July 06, 2010
Telling your customers how you will protect their privacy online is essential in today's business environment. According to U.S. Census data, almost three-quarters of Internet users are concerned about having control over the release of their private information when shopping online. Prospective customers want assurances that their information will be protected before they decide to make a purchase.

The Better Business Bureau believes all responsible businesses should post an easy-to-understand, easy-to-find privacy policy that gives users a clear understanding of how the business collects information, for what purposes the information is used, and how that information is kept secure. Businesses should also make clear how they will be held accountable for adhering to their policy.

As a business owner or manager, how do you go about doing that? The BBB offers the following suggestions:

The first step is to conduct an extensive internal review of your current Web site and data collection practices. Find out whether your site collects personal data. If it does, determine the type(s) of personal data collected, why it is collected, how it is used, and whether individuals are advised that their personal data is being collected. Is the personal data disclosed to third parties; if so, for what purpose? Who controls the collected personal data and how and where is it stored? Does your business have standards, guidelines and regulations that apply to the collection and use of personal data? Finally, consider the viewpoint of visitors to your site. Do you allow them access to the personal data you have about them? What happens if a visitor has a question about the data you maintain, and what if they are not satisfied with how you answer their question?

Next, you should gain an understanding of current privacy legislation and how to comply with recommended guidelines. Review existing privacy laws that are appropriate to your business. The Federal Trade Commission (FTC) web site, www.ftc.gov, has helpful information on the pertinent privacy requirements for various types of businesses.

The third step is to review available accountability mechanisms that will demonstrate that your business stands behind its privacy policy. The BBB and other third-party organizations offer "seal programs" to indicate that a Web site is in compliance with recommended guidelines and practices, and to provide opportunities for dispute resolution. For more information, visit BBBOnLine, TRUSTe, and CPA WebTrust.

Now you are ready to create a privacy policy. You will want to incorporate the five core principles of privacy protection recommended by the federal government: notice/awareness; choice/consent; access/participation; integrity/security; and enforcement/redress. You

Remember, once your privacy statement is posted, you are legally liable if you fail to abide by your privacy policy statement or if the statement does not comply with local and national laws. The BBB recommends that you seek legal advice if you have any questions or concerns about your policy before it is posted.