Answer: When it comes to privacy policies, many websites are faced with a Catch-22. Make it too restrictive, and you won't attract advertisers. Make it too liberal, and you'll scare away visitors. Here are some basic tips for staying out of trouble:
- Don't do it yourself or "borrow" from other websites. There are no boilerplate privacy policies. Tell your attorney what you want to accomplish and let him or her search the web for the right language.
- Make a precise list of all the information you collect from visitors.
- State clearly to whom visitor information will be disclosed. If you plan to sell customer data to advertisers, say that information will be disclosed to "our partners and affiliates."
- Give visitors the opportunity to exclude their information from disclosure, and tell them how. You might say, for example, to send an e-mail to firstname.lastname@example.org .
- If children under 13 are visiting your website, tell them they need a parent or guardian's consent (and provide the consent form for them). If you find out certain users are lying about their age, boot them off the site immediately.
- Have your policy approved by Truste , a "Good Housekeeping Seal" for privacy policies. But be careful: They'll check your site periodically to make sure you're still following the rules.
Finally, check with your attorney at least once a year--and whenever you change your data collection forms--to see if your policy needs to be changed or updated.