Tips for Business: Why a Privacy Policy is the New Best Practice

September 13, 2012

By Melanie Alakkam, Business Standards Analyst


The Internet has become a universal source of information for millions

of people, at home, at school, and at work. Almost any business can reach a very large market, regardless of the company’s size or location. Consumers use the Internet to shop, bank, invest and even to meet a mate. As Internet transactions increase, consumers use credit or debit cards to pay for online purchases or supply other personally identifiable data.

More than ever, consumers care and are worried about the privacy and security of their personal information. Consumers are aware that if sensitive data falls into the wrong hands, it could lead to fraud or identity theft. Businesses should understand the importance of being clear about what is done with consumer data and what data is being collected. Safeguarding personally identifiable data is quickly becoming an increasingly important role as a best business practice in today’s marketplace. Businesses with clear privacy policies can stand out against their competitors.

Better Business Bureau (BBB) takes consumer privacy very seriously. BBB Accredited Businesses agree to adhere to the BBB Code of Business Practices, which includes a standard for protecting consumer privacy. Since January, 2012, BBB serving Dallas and Northeast Texas has initiated 73 privacy policy requests for Accredited Businesses conducting e-commerce. BBB asks that the privacy policy be posted in an area of the website that is viewable prior to or at the time the consumer supplies personally identifiable data.

Failure to comply with Standard 7 of the BBB Code of Business Practices could lead to suspension or revocation of the accreditation status of a business. This standard requires the following:

7. Safeguard Privacy

Protect any data collected against mishandling and fraud, collect personal information only as needed, and respect the preferences of customers regarding the use of their information. An accredited business or organization agrees to:

A. Respect Privacy
Businesses conducting e-commerce agree to disclose on their website the following:

• what information they collect,
• with whom it is shared,
• how it can be corrected,
• how it is secured,
• how policy changes will be communicated, and;
• how to address concerns over misuse of personal data.

B. Secure Sensitive Data
Businesses that collect sensitive data online (credit card, bank account numbers, Social Security number, salary or other personal financial information, medical history or records, etc.) will ensure that it is transmitted via secure means. Businesses will make best efforts to comply with industry standards for the protection and proper disposal of all sensitive data, both online and offline.

C. Honor Customer Preferences
Businesses agree to respect customer preferences regarding contact by telephone, fax and e-mail, and agree to remedy the underlying cause of any failure to do so.

Some businesses may have the expertise in-house to implement a privacy policy while smaller businesses may find it helpful to hire a webmaster. Regardless of the size or nature of the business, the necessity for a privacy policy remains the same.

BBB offers tips on establishing a privacy policy or see guidelines on privacy and security from the Federal Trade Commission (FTC). The Direct Marketing Association and Online Privacy Alliance are useful resources to assist in establishing a privacy policy.

Once a privacy policy is posted online, it is crucial that a business adheres to it. An online service provider that doesn’t follow its privacy policy may violate state and federal consumer protection laws, the Texas BUSINESS AND COMMERCE CODE Sec. 501.052 and Section 5 of the Federal Trade Commission Act.

BBB is not a regulatory or law enforcement agency, but does recommend that business owners be aware of the FTC's stance on consumer privacy. An FTC report on consumer privacy in May 2012, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers, calls on businesses to implement best practices to protect consumers’ private information. The report goes on to say that the FTC is calling on Congress to consider enacting baseline privacy legislation and reiterates its call for data security legislation. At the same time, the FTC urges businesses to accelerate the pace of self-regulation.

For many businesses, collecting sensitive consumer information is a vital part of daily business. As more e-commerce transactions take place on the Internet, businesses are collecting, storing, and sharing more information about consumers than ever before. While businesses are providing service to consumers, they should not do so at the expense of consumer privacy.

Businesses should embrace this new best business practice by posting and adhering to a privacy policy. By taking this proactive approach, businesses can garner stronger consumer trust in the ever growing world of e-commerce.

Should you have questions about privacy policies and Standard 7 of the BBB Code of Business Practices, feel free to contact Phylissia Landix, Director of Ad Review, at, or Melanie Alakkam, Business Standards Analyst, at