Privacy Policies: Why does your website need one?

Privacy Policies are an important part to any website. A good privacy policy, drafted by an Internet Attorney, seeks to protect against unauthorized access to the site, as well as the collection, use, and disclosure of any information of the end user. Interestingly enough, the right to privacy is nowhere in the United States Constitution. Nonetheless, the right to privacy has been shaped by the Court system as well as the internet.

Consumers expect businesses engaged in electronic commerce to closely guard any personal information they give them. The mere presence of the words "Privacy Policy" on a webpage are sometimes enough to give you a vote of confidence in the eyes of a consumer. But when a potential buyer clicks on the privacy policy, what do they see? Do you even have one?

At the minimum, your Privacy Policy should address concerns with: (1) Notice; (2) Consent; (3) Choice; (4) Access to Data; (5) Transfer of Data. Again, these are the bare minimum and will not even guarantee that problems will not arise. If problems do arise, especially in Arizona, and customer data is compromised you could be facing dire consequences. For example, Arizona (Ariz. Rev. Stat. § 44-7501) states that:

Arizona requires a person that owns or licenses computerized data that includes personal information to conduct an investigation when it becomes aware of unauthorized accessto unencrypted personal information to determine if there has been a breach. If the investigation determines a breach has occurred, a person must notify the individuals affected. The disclosure isto be made without unreasonable delay, subject to law enforcement needs and internal investigations to restore the data integrity. Arizona further requires that a person that maintains computerized data that includes personal information that it does not own or license discloseany security breach to the owner or licensor immediately following the discovery.

Notice can be given (A) in writing, (B) by email, (C) by telephone or (D), in certain circumstances, by substitute notice that includes email, posting on the person's website and notification by statewide media. Notification is not required if, after reasonable investigation, the person or law enforcement agency determines that a breach has not occurred or is not likely to occur. Personal information means a person's first name or first initial and last name in combination with one ormore of the following that is not encrypted or redacted: (A) social security number, (B) driver's license number or identification card number, and (C) account number, credit card number, or debit card number in combination with security code, access codes or password. A person who complies with federal notification requirements or security breach rules, and a person who maintains notification procedures as part of an information security.

If your website needs a privacy policy, just copying another sites privacy policy is not enough. In fact, it is copyright infringement. To make sure that you are compliant with all federal and state law, contact us today!