5-point Plan to Avoid Online Privacy Minefields
Almost all Web sites collect and extrapolate information about their users to enhance the users' experience and provide customized services. As technology that tracks and profiles Internet users continually becomes more advanced, the potential for online privacy violations and resulting liability can be a minefield.
However, by following a handful of basic measures, you can ensure the fair use of information while allowing individuals to participate in decisions on the disclosure and use of their personal information.
- Notice: Consumers are entitled to know when information is being collected, how it will be used, and when personal information might be disclosed to others. Notice should include the consequences to the consumer of refusing to give the information. It should also address the issues of choice, access, and security (see below).
- Choice: Consumers should have choices about how their information is used or disclosed beyond the original purpose for which it was provided (e.g., to complete a transaction). Choice may be opt-in (e.g., click here to receive valuable information from our sponsors) or opt-out (e.g., click here if you do not want to receive new product announcements). Opt-in affords stronger privacy protection because it establishes a default rule against disclosure and use.
- Access: Consumers should have access to stored information about them and an opportunity to correct inaccuracies or delete data.
- Security: Web sites should protect the security of the data and ensure its integrity and accuracy.
- Enforcement: These principles must be enforceable to be effective. You should have procedures in place to address infractions.
Apart from damaging consumer confidence, a company's failure to adopt and follow reasonable privacy policies creates a significant risk of liability. The development of company-wide information collection practices, including notice and disclosure of such practices to consumers, is critical to establishing and maintaining consumer confidence and a viable online presence.
Internet privacy law is in its infancy. There remains significant uncertainty in this area, given the absence of clear legal precedent; proliferation of privacy-related litigation nationwide; and the emergent body of state, federal, and international regulation. For example, federal banking regulators are accepting comments on proposed privacy regulations for financial institutions.
Since the passage of the Gramm-Leach-Bliley Act of 1999, state legislatures have been preparing privacy statutes and regulations that will affect companies from many industries. The Yahoo! Inc., DoubleClick Inc., and Amazon.com Inc. litigations, and the class action lawsuits filed against RealNetworks for secretly tracking the music-listening habits of its users through RealJukebox (free software downloaded from the RealNetworks Web site) all reflect the propensity of the dot.com world to become involved in litigation alleging privacy violations.
There are many online resources that are excellent for small businesses. For example, the Online Privacy Alliance Web site is an excellent educational resource. The Alliance has roughly 100 corporations and associations as members, and is committed to working with government to avoid having the public debate over Internet privacy result in unnecessary anti-industry sentiment. Also, there is an extensive hyperlinked reference to privacy-related news stories and legal resources, the E-Commerce Law Source.
The discussion above is for informational purposes only, and is certainly not a substitute for consulting a qualified lawyer to examine the issues and risks of your particular venture.
Related legal articles
We look forward to the opportunity to discuss any questions you may have regarding the range of business, technology and intellectual property services we offer. Our law office is based in Chicago, Illinois. Please feel free to call us at (866) 734-2568 should you have any questions.