NFIB

Build Customer Trust with Online Privacy Policies
11/ 17/ 2003

by Kelle Campbell

You've heard that having a privacy policy or statement on your Web site and in your email marketing messages is highly recommended. But do you really understand what should be in your privacy policy?

Although most customers will not read privacy policies, you should be prepared for those who do. Currently, aside from the Children's Online Privacy Protection Act (COPPA), the Federal Trade Commission (FTC) limits itself to enforcing the privacy policies that individuals themselves create. This means you'll only face legal problems if you violate your own statements. All it takes to avoid trouble and earn the trust of customers and prospects is a comprehensive, straightforward policy.

Policy Content

First, regularly confirm that your privacy policy reflects your current practices. Many companies put customers' personal information to new uses without remembering to update their policies.

Make the policy easy to read by omitting corporate or legal jargon. Also, ensure that it is easy to find by posting links to it on as many sections of your Web site as you can. If you don't want to put the links everywhere, at least make sure you have them on relevant pages, such as those with subscription, order or purchase forms, as well as on your more prominent pages.

The Direct Marketing Association (DMA) Web site contains an online tool (at www.the-dma.org/privacy/creating.shtml) that actually helps users draft content for their specific privacy policy, including the use of postal addresses and phone numbers, whether information is collected through cookies or shared with third parties, general security procedures for protecting collected information and more. The Entertainment Software Rating Board also provides an online Privacy Composer at www.esrb.org/composer/create_policy1.asp (requires free registration).

If you're still uncertain about what to put in your policy, research the policies of leaders in your industry. After looking at a few, you should have an idea of what others are doing and what types of information would prove useful to you.

The type of privacy statement you post in your emails will depend on your preferences and particular situation. Some emailed materials, such as newsletters, contain brief messages promising not to send subscribers' information to third parties while others contain links to the owner's policy Web page.

Children's Online Privacy Protection Act (COPPA)

If your for-profit Web site or online service targets children under the age of 13, or if you know that your audience includes children, you must comply with the COPPA rules.

One basic requirement is that you create a notice of your information practices and post a link to it on your home page and any area where you collect children's personal information. You should also provide a direct notice to parents, which should contain the same information included on your Web site's privacy statement.

In addition, you must notify a parent when you wish to collect personal information from the child. The regulations set out guidelines for this as well as exceptions that allow you to collect a child's email address without getting a parent's consent in advance.

For details on COPPA, visit the FTC online at www.ftc.gov/kidzprivacy. You can also call the FTC's Consumer Response Center toll-free at 1-877-FTC-HELP (382-4357).

Opt-Out Opportunities and Suppression Files

Another best practice is to allow individuals to opt out of receiving your messages or participating in your programs. Email marketing pieces usually have this information at the end of the message, and your Web site's policy should have opt-out instructions. If you own a customer or prospect list and are working with vendors or partnering in a joint marketing venture, make sure the relevant people in the other organizations understand that they should send you any opt-out requests they receive.

When you do receive a request for no future contact, add it to an in-house file of all the people who do not want to receive your promotions. Cross-reference the file with prospect lists you rent or exchange. You can also investigate using suppression services for a more expanded list of individuals who do not want to be contacted. For details such as when you should try contacting that individual again, access the DMA's guidelines at http://www.the-dma.org/privacy/privacypromise.shtml.

Obtain Third-Party Verification

According to a 2002 study by marketing research company Harris Interactive, 62 percent of consumers favored independent authentication of company privacy policies, and 91 percent would be more inclined to do business with a verified organization. You can obtain privacy "seals of approval" by enrolling in programs from Truste.org (a nonprofit) or BBBOnline.org (from the Better Business Bureau). Investigate whether your industry or related associations support similar privacy seal programs.

Concern about online privacy will continue to be a major issue as collection technology improves. Taking measures to reassure Web site visitors will give you an added advantage now and in the future.

Do you need an attorney?

An attorney may be helpful in drafting a privacy policy or in reviewing what you have drafted, especially if you have to comply with COPPA. Even if you don't, it's a good idea to review the wording, intent and execution of any business policy with your attorney.

Small Business Sound Off
Does this story hit home?  Share your story with us