Internet Privacy: Creating A Privacy Policy
Author: Richard Lowe, Jr.
http://webmaster-free.co.uk/articles/privacy.php


Any good web site has a certain amount of interactivity which causes visitors to need to enter data of one sort or another. Sometimes this is just a name or gender, and sometimes it is a full array of personal information. Some web sites even ask for social security numbers, addresses or, in the case of medical sites, highly personal data that would not normally be told even to one's closest friends.

Of course, the most coveted data is an email address. This is because the email address allows the visitor to be contacted over and over again in the future. This, in turn, improves the odds that something might actually be purchased (assuming the site has something for sale) or that the message is read and understood.

In order for a webmaster and company to be completely ethical, the uses of this information need to be clearly spelled out in simple, plain English. This is called a Privacy policy, and all well designed web sites which ask for any kind of personal data should include one. This is not a legal requirement, it is simply common courtesy. You are asking for something, and you should disclose how that is going to be used and protected (if necessary). This allows people to make informed decisions about what they want to tell you.

What should a privacy policy include? Some of my suggestions include the following.

Email usage - If you are asking for an email address, then you need to tell your visitors exactly what you plan on doing with it. For example, on our web site we ask for an email address for guestbooks, feedback and joining a mailing list. In the first two instances, we do not use the email address for anything except a thank you and never send anything else, so this is stated in the privacy policy. Of course, we do send repeat emails if a mailing list is joined, but we don't give those email addresses to anyone. This is also clearly stated.

Cookie usage - If your site uses cookies, you should explain completely and fully what they are used for an how long they persist (remain before they are deleted). The press has made a big deal about cookies, and because of that people tend to have very negative opinions. This makes it very important to explain exactly why you are using them.

Advertiser issues - If you have banners or other advertisements on your web site, include a section which explains exactly what privacy issues this might bring up. You might just say you display banner ads, and cookies may or may not be associated with those ads. You might also indicate whether or not a web bug is included with the ad (a web bug is a 1X1 pixel graphic used to track the effectiveness of an advertisement). You can get this information from the advertiser or agency (such as Linkshare or ClickXchange). You can also include the URL of their privacy policy to allow your visitors to explore any issues directly.

You say you don't know this information? Or perhaps your site is located on a free host such as GeoCities? My recommendation is to find out and document your findings in your own privacy policy. Why? Because at the very least you need to know and it will increase your credibility with your visitors to include the information.

Special relationships - If you've got some co-branding relationships then by all means include a description in your privacy policy. This includes built-in search capabilities such as Atomz as well as resources such as Coolboard and Hitbox. Basically, if you use tools which are hosted on another site, include a description in your privacy policy. It's also a good idea to include a link to the privacy policy of those tools as well.

This is very important to understand, as all of these tools, most of which are free, collect statistics of one sort or another. These statistics are sold to advertisers. While it may not be very important to your visitors, by including the information, or at least links for additional information, you are increasing your credibility.

Server logging - It's safe to assume that your host logs everything about your visitors and it's wise to at least include a sentence which states this rather obvious fact. If you use server logs for anything, you may also include those uses as well.

Contact information - This is critical. Always include a way for your visitors to send you an email if they have questions about your privacy policy. You will almost certainly not get many inquiries (I have never received one), and including the contact data allows visitors to get any odd questions answered.

Other information - You may ask for other things from your visitors. Be sure and spell out in complete detail exactly why you need that information and what it will be used for. In addition, be completely open about specifying if that information will be shared with others.

Anything else - The key thing to remember is full disclosure. Tell your visitors everything.

In summary, include a well written privacy policy which spells out exactly how you use any data that you get from your visitors. This includes information entered directly by them such as email addresses, as well as things that are merely inferred, such as ad tracking and cookie usage. By doing this, you will gain your visitors trust and improve your credibility.


Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.