The Internet has evolved into a global market place. There's virtually nothing that can't be found and bought online. Customers like it because its fast and convenient: there's no need to drive around and shop when it can be delivered to you, often in just a few days.

But, along with liking the ease and convenience, many consumers have concerns about online privacy and security, particularly in regards to personal information that they might share or disclose while on your Web site, like their names, phone numbers, e-mail and street addresses, and credit card information. In fact, some consumers refuse to shop online because they fear that their personal information can be misused.

So, as a good business practice, you can build trust with potential consumers by using some policies and procedures to protect your online customers' privacy. And, it's not just good business, but it's the law, in some instances.

Online Privacy and the FTC

In the past 20 years, the Federal Trade Commission (FTC) has issued two reports regarding online privacy. The FTC's stance on the collection and use of personal information of online consumers is focused on four key areas:

  • Notice, which entails telling your online customers, in a clear and conspicuous way, of your information practices, including how you collect, use and disclose such information to other persons
  • Choice, which is the idea that your customers should be able to tell you how and when you can share their personal information with someone else
  • Access, which means that you should give your customers the chance to see the information you have collected about them and to make corrections to it, if needed
  • Security, which involves making sure that the customers' information is not used, accessed, or disclosed without the customers' authorization

In the most recent FTC report, it was found that while there was a significant increase in the number of Web sites that posted some type or form of privacy disclosure, only a small percentage were using the FTC's four "fair information practices."

Your Strategy

It's a good idea for you to implement the FTC's recommendations, and make your efforts as consumer-friendly as possible. Consumers do look at and read privacy disclosure statements, and it's not uncommon for a customer to refuse to business on a Web site that doesn't have one. In addition, giving consumers ready access to the information and power to choose with whom you can share their personal information can lead to consumer trust in your site and in your products and services.

While the FTC's recommendations are just that, there can still be consequences if you choose not to make these suggestions a part of your online business operations. If, for example, you make promises in a privacy statement about how you'll use customer information or keep it safe, and you don't keep those promises, the FTC can prosecute you, and you could be liable for damages and fines.

Besides the FTC's recommendations, there are some other things for you to consider. For example, will your Web site use "cookies?" A cookie is information that is stored on your customers' computer that will allow your Web site to identify the customer the next time he visits your site. Cookies typically:

  • Allow the Web site to personalize greetings to the customer each time he visits
  • Make it easier for the customers to shop because things like his name, address, and credit card number can be stored, making it unnecessary for him to retype the information on each visit to your site

You're allowed to use cookies, but to foster trust with your customers it's a good idea to let customers know that you're using cookies, and maybe even give them instructions on how to prevent your site from storing cookies on the customers' computers. Many businesses give customers the option to not store credit card information within their account profiles.

There's an exception for the general rule that allows you to use cookies. The Children's Online Privacy Protection Act requires that you get parental consent before your Web site collects personal information from children under 13 years old. There are also requirements on giving parents notice, access and control over their child's personal information, as well your obligation to keep the information secure.

Questions for Your Attorney

  • Will the FTC look at my online privacy statement and privacy policies and let me know if they comply with its recommendations?
  • Isn't it enough if I just state on my Web site that I won't sell or give away my customers' personal information?
  • There's no law that prevents me from collecting customers' name and addresses and then selling that information to other retailers, is there?
  • If I think a competitor isn't honoring its privacy policy, what should I do? Call the FTC?