- Home
- About Us
- Issues
- View All Issues
- Freedom Agenda
- Other Issues
- Top 10 Lists
- Join
- States
- Alabama
- Georgia
- Maryland
- New Jersey
- South Carolina
- Alaska
- Hawaii
- Massachusetts
- New Mexico
- South Dakota
- Arizona
- Idaho
- Michigan
- New York
- Tennessee
- Arkansas
- Illinois
- Minnesota
- North Carolina
- Texas
- California
- Indiana
- Mississippi
- North Dakota
- Utah
- Colorado
- Iowa
- Missouri
- Ohio
- Vermont
- Connecticut
- Kansas
- Montana
- Oklahoma
- Virginia
- Delaware
- Kentucky
- Nebraska
- Oregon
- Washington
- D.C.
- Louisiana
- Nevada
- Pennsylvania
- West Virginia
- Florida
- Maine
- New Hampshire
- Rhode Island
- Wisconsin
- Wyoming
- Take Action
- Blog
- Contact
- Make a Donation
Issues: Privacy Statements
Advice for Web Site Owners
American businesses have moved fairly aggressively over the past few years to implement online privacy policies. Visit any major website (including cse.org) and you are almost certain to see a "Privacy Policy" link on the main page. This statement describes the information management practices for the site, and if you operate a commercial site you should certainly create your own privacy statement (the links below will help automate the task).
If you run a commercial site, there isn't a law requiring that you post a statement, but it is a good business practice to describe your procedures. There is, however, some risk-- if you don't abide by your privacy statement you could be exposed to civil or even criminal liability.
Unfortunately, because of this risk, many privacy statements are full of legal language and difficult to for the layman to understand. In general, a good privacy statement should be easy to read, easy to understand and easy to find on your Web site. It should contain information on the four widely-accepted Fair Information Practices: Notice, Choice, Access, and Security.
Notice is accomplished by placing a privacy statement on your website that fully describes how you manage data. Choice will detail how your business permits consumers to opt-in or out of certain types of data collection or direct marketing contact. Access describes your policy towards consumer access of their data, such as viewing, editing, or deleting. Finally, the security section of your statement should, in general terms, state that you are taking reasonable steps to protect sensitive customer data.
This is just a beginning, and you should use the resource links below to help you along. A privacy statement is a good vehicle to begin a discussion of privacy practices at your business. As such, don't forget to promote your policy internally to your employees, and make sure to change the policy if your business model changes.
Direct Marketing Association (DMA) Privacy Policy Generator
Trust-E Privacy Wizard
Microsoft's bCentral Privacy Statement Generator
