As a business owner or manager, how do you go about doing that? The BBB offers the following suggestions:
The first step is to conduct an extensive internal review of your current Web site and data collection practices. Find out whether your site collects personal data. If it does, determine the type(s) of personal data collected, why it is collected, how it is used, and whether individuals are advised that their personal data is being collected. Is the personal data disclosed to third parties; if so, for what purpose? Who controls the collected personal data and how and where is it stored? Does your business have standards, guidelines and regulations that apply to the collection and use of personal data? Finally, consider the viewpoint of visitors to your site. Do you allow them access to the personal data you have about them? What happens if a visitor has a question about the data you maintain, and what if they are not satisfied with how you answer their question?
Next, you should gain an understanding of current privacy legislation and how to comply with recommended guidelines. Review existing privacy laws that are appropriate to your business. The Federal Trade Commission (FTC) web site, www.ftc.gov, has helpful information on the pertinent privacy requirements for various types of businesses.
A link to a sample template is at the bottom of the page for your review and use once you have edited it to meet your actual policy.