Better Business Bureau ®
Start With Trust®
San Francisco Bay Area and Northern Coastal California
Understanding Privacy Policy

Telling your customers how you will protect their privacy online is essential in today's business environment and has been the law in California since January 1st 2010. The state requires any business operating in California to have a dated privacy policy on its website. According to U.S. Census data, almost three-quarters of Internet users are concerned about having control over the release of their private information when shopping online. Prospective customers want assurances that their information will be protected before they decide to make a purchase.

Better Business Bureau believes all responsible businesses should post an easy-to-understand, easy-to-find privacy policy that provides users with a clear understanding of how the business collects information, for what purposes the information is used, and how that information is kept secure. Businesses should also make clear how they will be held accountable for adhering to their policy.

As a business owner or manager, how do you go about doing that? The BBB offers the following suggestions:

The first step is to conduct an extensive internal review of your current Web site and data collection practices. Find out whether your site collects personal data. If it does, determine the type(s) of personal data collected, why it is collected, how it is used, and whether individuals are advised that their personal data is being collected. Is the personal data disclosed to third parties; if so, for what purpose? Who controls the collected personal data and how and where is it stored? Does your business have standards, guidelines and regulations that apply to the collection and use of personal data? Finally, consider the viewpoint of visitors to your site. Do you allow them access to the personal data you have about them? What happens if a visitor has a question about the data you maintain, and what if they are not satisfied with how you answer their question?

Next, you should gain an understanding of current privacy legislation and how to comply with recommended guidelines. Review existing privacy laws that are appropriate to your business. The Federal Trade Commission (FTC) web site, www.ftc.gov, has helpful information on the pertinent privacy requirements for various types of businesses.

The third step is to review available accountability mechanisms that will demonstrate that your business stands behind its privacy policy. BBB and other third-party organizations offer "seal programs" to indicate that a Web site is in compliance with recommended guidelines and practices, and to provide opportunities for dispute resolution.

Now you are ready to create a privacy policy. You will want to incorporate the five core principles of privacy protection recommended by the federal government: notice/awareness; choice/consent; access/participation; integrity/security; and enforcement/redress.

Remember, once your privacy statement is posted, you are legally liable if you fail to abide by your privacy policy statement or if the statement does not comply with local and national laws. BBB recommends that you seek legal advice if you have any questions or concerns about your policy before it is posted.
