Customer Privacy Policy Essentials What every online business should know about protecting customer information.

By Lindsay LaVine

Opinions expressed by Entrepreneur contributors are their own.


Business owners deal with customer information every day -- from shopping preferences to purchase history and personal information including credit card numbers and home addresses. We spoke with two privacy experts to find out what you need to know to develop a privacy policy for your online business.

"Every business should protect Personally Identifiable Information (PII)," says
S. Jenell Trigg, chair of the New Technology and Media Practice Group at Washington, D.C.-based law firm Lerman Senter.

PII is any customer information that a business collects such as a customer's name, home address, phone number, e-mail address, or social security number. Trigg says privacy policies are especially important for online businesses because information is easier to collect and can be abused more readily.

Joanne McNabb, director of Privacy Education and Policy with the California attorney general's office, says companies should develop a privacy policy for several reasons. If your company has customers in California, it's the law to disclose what information is being collected and how the information will be used. It's also a trust-building practice with customers who are concerned about how their information is being used.

Related: Customer Privacy: What You Need to Know About Social Media, Passwords and Transparency

Here are six tips to consider when developing your privacy policy:

1. Decide how long you will keep customer information.
McNabb recommends businesses disclose how long they will keep information in their policy. For sensitive information, such as credit card numbers, data breach notification laws in many states require businesses to contact consumers and state regulatory agencies if computer systems are hacked or disrupted. The longer you hold on to customer data the greater the risk consumer information will be compromised.

2. Make your policy easy to read.
Privacy policies used to be lengthy and hard to understand. Trigg notes that companies are now encouraged to provide shorter, concise, user-friendly privacy policies that describe what information is gathered and whether it's shared with other companies.

3. Craft clear and conspicuous disclosures.
Your website should have an easy-to-find link to your privacy policy. Apps should have a link on the app platform so customers can know what information will be collected and how it will be used before they download.

4. Don't copy another company's policy.
Trigg cautions against using another company's privacy policy to write yours. "It is very important that a business accurately reflect its actual business and security practices in its privacy policy," Trigg says. If a business copies another company's privacy policy, the Federal Trade Commission (FTC) or state law enforcement groups may find that a business has engaged in deceptive trade practices.

5. Consider hiring an expert.
Lawyers specializing in privacy and data security know the law in various jurisdictions and have experience advising clients, from small to large businesses, regarding privacy matters.

6. Look for resources to help develop your policy.
In addition to seeking out professional guidance, many states provide "best practices" handbooks, available on state government websites. The FTC recently released a list of recommendations to businesses and advertisers, such as providing easy-to-read consumer disclosures and obtaining user consent before collecting sensitive information.

Related: How 'Do Not Track' May Hurt Businesses

Wavy Line

Lindsay LaVine is a Chicago-based freelance writer who has worked for NBC and CNN.

Editor's Pick

A Leader's Most Powerful Tool Is Executive Capital. Here's What It Is — and How to Earn It.
One Man's Casual Side Hustle Became an International Phenomenon — And It's on Track to See $15 Million in Revenue This Year
3 Reasons to Keep Posting on LinkedIn, Even If Nobody Is Engaging With You
Why a Strong Chief Financial Officer Is Crucial for Your Franchise — and What to Look for When Hiring One

Related Topics

Business News

New York Lawyer Uses ChatGPT to Create Legal Brief, Cites 6 'Bogus' Cases: 'The Court Is Presented With an Unprecedented Circumstance'

The lawyer, who has 30 years of experience, said it was the first time he used the tool for "research" and was "unaware of the possibility that its content could be false."

Business News

More Americans Are Retiring Abroad, Without a Massive Nest Egg — Here's How They Made the Leap

About 450,000 people received their social security benefits outside the U.S. at the end of 2021, up from 307,000 in 2008, according to the Social Security Administration.

Business News

Lululemon Employees Say They Were Fired for Trying to Stop Shoplifters

Two Georgia women say Lululemon fired them without severance for trying to get thieves out of the store.

Business News

Woman Ties the Knot at White Castle Almost 30 Years After the Chain Gave Her Free Food as a Homeless Teen

Jamie West was just 12 years old when she ran away from the foster care system.


How to Be a Good Role Model for Your Employees, Customers and Community (and Why It's Important)

How your choices can ignite a positive chain reaction and transform your business.