How to Create a Privacy Policy?
In light of recent FTC legal developments against the startup Nomi for collecting private data, here is a primer on creating the perfect privacy policy for your business.
Step 1: WHAT
Determine what information you want to collect. Common information includes Name; Email Address; Mailing Address; Phone Number; and Credit Card Information.
Step 2: WHEN
Determine when you collect the information. You can ask a user to register on your website or join a newsletter. You can also bait them with a white paper.
Step 3: WHY
Why do you want to collect user information? Will you use it to improve the website, customer service, send emails?
Step 4: DEFINE
Combine Steps 1-3 into a paragraph. Keep the language simple and honest. The trend is to avoid legal jargon. Tell the user concisely what, when, and why you are collecting the information.
Step 5: Payment Card Industry Compliance
If you sell anything online, then you need to comply with the PCI guidelines. PCI compliance means you must scan your website regularly. This includes scanning for malware every so often. For more information: www.pcicomplianceguide.org/pci-faqs-2/
Step 6: COOKIES
Not the type you eat. A cookie is a file stored on a user’s computer. This deserves an entire paragraph or two. You need to DEFINE why you need a cookie: Is it to help users? Is it to track advertisements? Is it to compile data that you will use later? Define clearly how the cookie collects the information and why you need to collect that information. Also notify users that they can disable cookies.
Step 7: THIRD PARTY
Do you use third-party links? Are you offering third-party products or services? Remember that third parties have different websites and should have separate and independent privacy policies. Make sure you include a paragraph stating that you are NOT responsible or liable for what happens outside your website.
Step 8: SELLING / TRADING
Some websites collect information to sell or trade Personally Identifiable Information (PII). This is a big business. If you sell or trade PII, you need to include paragraphs with clear language stating exactly what information you are sharing and how you share it. I do not advise selling or trading PII. It’s a minefield.
Step 9: ADSENSE
Step 10: Children’s Online Privacy Protection Act
If you collect information from children under the age of 13, you will have to comply with COPPA. For more information see: www.coppa.org/comply.htm
Step 11: Fair Information Practice
Yeah, another agency. Make sure you have a plan that notifies users if there is a data breach. Rather than bore you too much, I’ll point you to this document: http://www.nist.gov/nstic/NSTIC-FIPPs.pdf
Step 12: CAN-SPAM
And another… Here’s the information: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
Step 13: FINISHED?
The above should cover the large majority of websites. However, if you have specific questions feel free to contact a lawyer.
Do Not Call List (Phone): telemarketing.donotcall.gov
Before you call a potential client, you have to make sure they are not on the Do Not Call list. The first few area codes are free, but there’s a fee for additional ones. Complaints can result in fines, and repeat violators can face even heavier penalties.