Business
Help
Privacy
resources for concerned online companies
Online E-Commerce
Web sites offer a wide variety of products and
services with mouse-click convenience. Most
Internet users enjoy this emerging marketplace
and want to feel comfortable using it. Today’s
E-Commerce
businesses have an opportunity to lead the trend
in developing privacy practices that earn consumer
trust and build long-term profits.
A number of business
organizations encourage aggressive self-regulation
regarding privacy and the collection of personal
data online. Here, we offer simple guidelines
to encourage online companies to improve their
privacy policies and to help make self-regulation
work better.
Make a commitment to customer satisfaction
Respecting customer
privacy is sound business practice. It builds
deep customer trust and long-term profitable relationships.
By contrast, companies that have vague or ill-defined
respect for customer privacy (or worse yet, simply
ignore the issue) may lose customer trust and
never win it back.
These
simple guidelines have been compiled to help your
online business earn customer trust by respecting
and protecting individual privacy.
Review your company’s approach to privacy
Write a comprehensive privacy policy
Add teeth to your privacy policy
Give your customers a choice
Safeguard children’s privacy
If you share data with third parties, disclose their stance on privacy
Post and enforce your privacy policy
Consider acquiring privacy certification
Privacy Policy Template
Review your company’s approach to privacy.
Begin by evaluating
your company’s present privacy standards. Do you
know what they are? Are your standards clearly
codified in writing? Is your management concerned
about how customer information is treated? Do
you offer customers a choice about receiving messages
from you, and do you obtain their consent before
sharing their information with third-party
partners? Do you have security measures in place
to prevent hackers from invading your customer
database? Do your employees thoroughly understand
your internal procedures? A frank and thorough
review of your current status on privacy will
reveal the gaps you need to fill.
Write a comprehensive privacy policy.
Your policy doesn’t
have to be long, but it must be easy to read.
See our template.
At minimum, you’ll want to cover the four cornerstones
of Internet privacy by disclosing:
Tell what information you collect.
Your privacy
policy should clearly explain what, if any, information
your site collects on the primary user, as well
as any information users divulge about another
person, such as referrals or people for whom they
purchase gifts. When telling how you collect data,
distinguish between general statistics and personally
identifiable information. If you collect
demographic data, tell why.
Describe
the mechanisms you use to collect information,
e.g., registration forms, automatic logging files,
and so on. Note whether the information is collected
voluntarily or involuntarily. State which items are
optional and which are mandatory, and explain why. If
your site uses cookies, tell how they work and
how you use them.
Tell how you use the information.
Give a clear
and complete account of how you store and use
personal information. Spell out what messages
users may receive as a result of your information
collection, such as email announcements or advertisements.
Reveal whether you create customer profiles based
on browsing or purchasing history. If you append
additional data to information collected at your
site, make that clear, too.
Disclose
any third parties or partners with whom you may
share data, and how those third parties will use
it. If any third parties collect information on
your site, say so clearly in your policy and at
the point where the information is collected.
If you sell banner ads on your site, disclose
how these ads collect information. If you offer
chats, forums or message boards, warn customers
that information posted in these venues becomes
public knowledge. Let customers know how you will
notify them if your information usage should change.
Tell who has access to the information.
Make a commitment
to accuracy. If you maintain a customer database,
implement a formal process for updating the information.
Provide a simple means for customers to access
their own personal information and to contact
you about inaccuracies they may find. Clearly
explain how they may delete their information
from your database, and give the time frame in
which the deletion will occur.
Tell how you will resolve problems.
If problems arise,
make it easy for customers to reach you. Establish
a dispute resolution mechanism, and pledge a specific
response time. Treat each complaint as a golden
opportunity to do the right thing and win a customer
for life.
Tell how personal information is stored and secured.
Protect your customer data with appropriate
security measures. Your policy and procedures
may be admirable, but if your customer data is
vulnerable to hackers, the worst may happen. Your
files may be stolen, and your customers may be
defrauded. If that should occur, you will deservedly
lose their trust. So plan ahead, and do all in
your power to keep sensitive information secure.
Establish a schedule to review your Web site security,
and upgrade your technology as needed. Use standard
protocols to protect sensitive information. And
have emergency procedures in place, with responsibilities
for action clearly identified, in the event of
a security breach such as a hacker break-in.
Add teeth to your privacy policy.
Here are our key
recommendations for strengthening the consumer
protection offered by your privacy policy:
Give your customers a choice.
Letting customers choose for themselves is good
business. Explain what choices are available to
your customers regarding personally identifiable
information collection, use and distribution. Before
the information is ever shared with third parties
or used for secondary purposes, provide a simple
means for customers to opt-in, or at the least,
opt-out. We
recommend “opt in” as the preferred method. “Opt
in” requires the consumer’s consent before information
is collected or used. When customers control what
they receive from you through “opt in” offers
rather than “opt out” negative options, they appreciate
your good service. “Opt in” marketing builds stronger
customer trust and longer lasting, more profitable
relationships. If you use negative options or
“opt out” offers exclusively, we encourage you
to consider transitioning your marketing efforts
to “opt in.”
Safeguard children’s privacy.
If your Web site actively attracts young visitors,
familiarize yourself with the Children's Online
Privacy Protection Act (COPPA), the federal act
protecting child privacy. You must never entice
a child under 13 to divulge personal information.
You must always obtain verifiable parental consent
before collecting, using, or sharing personal information
about children under 13 – without exception. Parental
consent must be verified by written form or fax,
online credit card information, or other reasonable
means. If
parental consent is not verified, you must prevent
children under 13 from disclosing personal information,
except to respond on a one-time basis or to request
the parent’s contact information. If you respond
to a child, you must notify the parent and give
the parent an opportunity to prevent further contact.
At the parent’s request, you must disclose any
information collected on a child under 13. On
your Web site, you must explain your child privacy
policy in terms a child can understand, including
the need for parental consent. For more information,
see Child Privacy Risks.
If you share data with third parties, disclose their stance on privacy.
Ideally,
you should require your third-party allies and partners
to maintain the same privacy standards as your own
company. If this is not possible, then clearly disclose
to your customers how third parties may handle their
data – before customers make a decision to reveal
it. When offering links to other sites, include
a disclaimer, such as: “Please note: When you click
on links to other Web sites, we encourage you to
read their privacy policies. Their standards may
differ from ours.”
Post and enforce your privacy policy.
Display your policy prominently on your Web
site so your visitors can find it before they decide
to use your services. Offer a link to your policy
wherever personal information is collected. This
will improve customer trust in your Web site.
Then,
establish internal procedures regarding privacy
practices to ensure that your policy is enforced.
Codify your policies and procedures in writing.
Train your employees about the importance of privacy.
Make them aware of your security policy and practices.
Prepare your personnel to handle customer data
only in aggregate, not on an individual basis,
so that personal privacy is always protected.
Limit data access to authorized personnel only.
Consider acquiring privacy certification.
A number of privacy policy certification programs
will review your Web site in order to determine
whether you meet their requirements for privacy
protection. For more information on these privacy
certification programs, read our Privacy
Seal Reviews.