Privacy and Terms of Use Policies Need Regular Updating

A website’s privacy policy is a legally required statement detailing how you will capture, use and sell identifiable data you’ve gathered from site visitors. Data can be anything from someone’s name or email address to a social security number or credit card number. Privacy policies are overseen by the Federal Trade Commission (FTC), as well as by some states, like California, with stricter privacy laws. In addition, federal law restricts the use of personal data obtained from children under age 13.

The challenge of an updated privacy policy lies in making sure that yours reflects your actual privacy practices. What can make this tricky is that, as you grow your business, your practices can change. “It’s one of those things that seems like a low-risk endeavor; you kind of forget about it as you start running your business,” says Dallas e-commerce attorney Gary Sorden, of Klemchuk. “But it’s not a set-it-and-forget-it. Your privacy policies may be good one day but not good the next day. Usually, this is not the first thing on a CEO’s mind.”

For example, Sorden continues, “If you’re an online marketplace, are you going to sell your data? Are you going to use it for your own internal analytics? And how do you make people aware that you’re doing this? What we’re seeing is more global than a single company, but as data is being collected and sold, there’s more sensitivity about this.”

When you do make a privacy policy update and to how you plan to use collected data, be sure that you make this clear. Transparency is key. Sorden recommends setting a log-in screen that requires users to click to accept privacy policy changes.

Similarly, your website’s terms of use—which is not technically required, but highly recommended—is essentially the contract that your site users enter into with your company by clicking an agreement. One issue with terms of use is that practically no one actually reads the fine print. One study of online behavior found that 98 percent of participants signing up to use a social networking service did not read the terms of use agreement, which included having one’s data shared with the NSA and surrendering the user’s first-born.

Nonetheless, Sorden recommends that his clients carefully consider the contents of their terms of use disclaimer, such as how disputes will be resolved. For example, he asks, “What if you sell something on the internet and payment bounces eight days later? How and where do you want to resolve your conflicts?”

Rolling out your online business may not be quite as simple as copying and pasting another site’s privacy and terms of use policies. To make sure you’re setting things up right, seek legal advice from an experienced e-commerce lawyer.