Recent high-profile data breaches like the ones at Sony and Target have raised consumer privacy concerns to new levels. It's important that your company website has a privacy policy in place, especially because, as Mintz Levin notes, this is often required by law. If you think only the big guys like Google, Facebook and Microsoft need to worry about potential lawsuits, think again. Your bottom line is also at risk.
The Importance of Privacy Policies
According to TRUSTe, studies have shown that consumers take action based on their privacy concerns. Up to 89 percent of U.S. Internet users claim to avoid doing business with companies where they believe their privacy is not protected. In one such study, conducted at Carnegie Mellon University, consumers were more likely to purchase from sites where privacy information was accessible. More interesting still, these participants were willing to pay more for the same items when they believed their privacy was secure. It's likely there's untapped potential in gaining your website visitors' confidence.
You may be considering visiting a competitor's website and copying its privacy policy, but this is not a good idea. The language you borrow may not correctly describe your actual privacy practices. Inaccurate disclosures can be very expensive.
Accuracy and Flexibility
The purpose of a privacy policy is to inform and protect consumers. Consumer protection is the responsibility of the Federal Trade Commission (FTC) and of state attorneys general. Regardless of a jurisdiction's privacy laws, these enforcers can and do sue and fine sites whose privacy policies are inaccurate. The FTC also publicizes its enforcements and penalties, adding to a company's potential embarrassment and loss of customers. An attorney who knows about privacy is your best bet for developing a policy that's both accurate and flexible enough for future use. If you deal with children, take health or financial data, or operate in other countries, finding a competent lawyer is a must. If not, there are organizations like TRUSTe and P3P Wiz that offer templates and consulting services.
Here's just one example of a widely used and potentially problematic statement: "We will not share your information with any third party." What's wrong with that, if you're not selling data? Operating a website means working with legitimate third-party sites that you share user information with — your site's hosting company, the user's own ISP, the courier delivering purchases, the banks clearing credit card payments. Getting it right is worth it.
There's another upside to crafting an accurate, flexible privacy policy. Understanding how your organization collects, uses and shares information can show you how you may be underutilizing your data. This knowledge can help you find new ways to serve and communicate with your customers, while providing them peace of mind. Ultimately, consumer confidence affects us all — not just as businesses, but as individuals, too.