Our privacy policy is simply a document or statement that describes the different ways in which a company gathers, utilizes, and maintains contact with a customer or client. Businesses that place a “privacy policy” on their web site are doing so to inform customers about their privacy policies and practices and to suggest ways to maintain contact between them and the company. The use of a privacy policy is very important. It tells your potential customers that you understand that your business and the information that it collects about its customers may be used for marketing purposes and that you will do everything possible to keep this information private and protect the rights of your customers.

In order to draw the line between permissible and impermissible use of your collected identifying information, you must have a clear and consistent definition of what is considered acceptable and what would be considered impermissible. For instance, a privacy policy may outline the specific ways in which E-mail marketing can be conducted from your website. However, E-mail marketing is not permissible if the information that you are collecting from each individual subscriber is derived from E-mail addresses that have been submitted by the person living at or mailing from their home address. Similarly, telephone solicitation from a person who has not consented to the solicitation is also imperatively prohibited. The same is true when you use cookies or other tracking technologies to track the web browsing habits of your visitors.

In addition, the failure of a business to adequately describe and explain its privacy policies to external stakeholders can cause great confusion to those who may not be aware of the meaning of the exact terms of the policy. This can result in the misinterpretation of the meaning of your privacy policy and the collection, use and disclosure of your consumers’ personal and financial information. This could potentially impact your ability to protect the privacy of your customer’s information from misuse by outside parties. For this reason, your privacy policies need to be worded precisely and should be directed at your customers and visitors.

A privacy policy that is written to clearly outline your collection of personal information and the manner in which you will use that information must be effective date after the date on which you intend to use it. For example, if you begin collecting information about a particular customer on a particular date and intend to use the information for two years, you should include in your privacy policy an effective date for the collection of the personal information. Failure to indicate an effective date in your privacy notice or the existence of an effective date can lead to confusion and doubt amongst your external stakeholders. Similarly, the inclusion of an effective date needs to be accompanied by the word “effective” or “last used” so as to clarify to your external stakeholders that the personal information you have collected and intend to use remains current. Failure to provide an effective date can also lead to your customers assuming that the information you provided was last used when in reality it was not.

Effective dates are especially important when you collect personal information from third parties such as third party vendors, contractors and affiliates. If at the effective date you begin using the collected information and it has not been de-identified and there is still a link to the de-identification date on your privacy policy, then you are required to treat all the collected information as the personal information it was collected under the terms of the opt-out option in your privacy policy. Therefore, if your customers request that you remove the link to the opt-out instruction in your privacy policy, you are obliged to do this.

The privacy notice that you are required to include with every website also need to address issues related to the de-identification and the use of cookies and other tracking technologies. Where you are processing personal information about your customers, you need to ensure that you delete the cookies from the computer as well as the web beacons once they have been placed. Where you are not processing personal information about your customers but are collecting email addresses, you need to make sure that you remove the cookie from the server and the web beacon once the email address has been validated. Failure to comply with these principles can lead to your business being shut down for violation of the Data Protection Act.