How do I construct a privacy policy and where do I put it on my site?

Discussion in 'Legal Issues' started by Groovystar, May 26, 2010.

  1. #1
    I was told by someone that I need to have a privacy policy. But I don't know how to write one or how to incorporate it into my forum. What do I do? I live in the US.

    I'm thinking it would be similar to this forum's privacy policy? Where is this forum's policy found?
     
    Groovystar, May 26, 2010 IP
  2. attorney jaffe

    #2
    I am a lawyer, and your question about web site Privacy Policies (along with Terms of Service) hits on one of my pet peeves. I am therefore going to give you a long detailed answer explaining why I believe this is an area where I think you need professional advice.

    Every web site needs a Privacy Policy describing the types of information it collects, how it is used, how it is shared, how it is stored and how it is protected.

    While there is currently no Federal law directly regulating the Privacy Policy, the regulations contained in other laws affect your web site, and states like California have taken it upon themselves to pass state laws concerning privacy. However, the internet is larger than a single state, and I expect to see a federal regulation concerning Privacy Policies in the coming year.

    For instance, the FTC’s Fair Information Principles identify five critical issues concerning website privacy. I expect these principles to be codified and regulations promulgated in the near future:

    1. Notice and Awareness – Consumers should be given notice of an entity's information practices before any personal information is collected from them.

    2. Choice and Consent – choice means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information -- i.e., uses beyond those necessary to complete the contemplated transaction.

    3. Access and Participation – an individual's ability both to access data about them (i.e., to view the data in an entity's files) and to contest that data's accuracy and completeness.

    4. Integrity and Security – Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data.

    5. Enforcement and Redress - core principles of privacy protection can only be effective if there is a mechanism in place to enforce them.

    Recently, the FTC has been prosecuting companies who have had privacy breaches under Section 5 of FTC Act as “deceptive practices” – that is, they did not guard their data security as they said they would.

    While there is no Federal comprehensive Privacy Policy law, each of the following acts has Privacy Policy implications:

    1. The Children's Online Privacy Protection Act (COPPA) affects websites that knowingly collect information about children under the age of 13. The COPPA regulations are incredibly complicated – if your web site is available to children under the age of 13 it is my recommendation that you contact a knowledgeable attorney to review your compliance with COPPA.

    2. The Gramm-Leach-Bliley Act contains The Financial Privacy Rule which requires firms to provide a privacy policy which communicates the data sharing practices of the firm. It also requires an opt-out mechanism for the customer as required by the Fair Credit Reporting Act. If your firm keeps a copy of the customer’s payment information (i.e. credit card number) on file, it is my recommendation that you contact a knowledgeable attorney to review your compliance with The Gramm-Leach-Bliley Act.

    3. Health Insurance Portability and Accountability Act (HIPAA) establishes the rules and regulations for the storage and dissemination of Protected Health Information. If your company keeps health information on file about your customers (i.e. prescription orders) it is my recommendation that you contact a knowledgeable attorney to review your compliance with HIPAA.

    Some states have passed their own privacy laws. The most significant of these is the California Online Privacy Protection Act. This law requires operators of commercial web sites or online services that collect personal information on California residents to conspicuously post a privacy policy on the site and to comply with this policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information.

    As California is a significant portion of the U.S. market, it was the California Online Privacy Protection Act which was the driving force prompting firms to provide privacy policies. However, with the FTC now prosecuting firms with data breaches and with Congress ready to act, Privacy Policies are pre-requisites for every web site.

    Privacy Policy Problems Web Site Owners Create for Themselves - Many site owners have simply copied someone else’s privacy policy and are unaware of what they say, or the responsibilities the site owner has agreed to comply with. This is a very dangerous practice. Especially when the person you copied it from likely copied it from someone else’s website.

    1. Site owners are bound by what their privacy policies state, and without using flexible terms they could be in violation of their own privacy policy and not realize it.

    2. Many site owners do not realize proper formatting of the privacy policy is a matter of law regardless of what it says.

    3. Laws regarding privacy policies often change, and without continually updating your privacy policy, what was once a sound document when created could now be outdated and potentially dangerous.

    Having said all this, it is my recommendation that when creating both your Privacy Policy and the Terms of Service for your Web Site that you seek professional legal advice to provide counsel and advice.
    __________________________
    Andrew M. Jaffe
    Attorney at Law
    netlaws.us
    330-666-5026
     
    attorney jaffe, May 26, 2010 IP
  3. Groovystar

    #3
    Thank you so much! I went to http://www.freeprivacypolicy.com and set one up. My site doesn't sell anything, it's a hobby forum that doesn't disclose to 3rd parties or use affiliate programmes {the "affiliates" you see at bottom are simple link exchanges, nothing more} the only thing I had to do was the kids under 13 stuff. I'm going to have my programmer programme the registration process to include that too now. The only thing we collect is email. I feel better knowing that I'm getting legally covered. I can't afford an attorney's fees, it's just a small forum for roleplaying, what I'm doing is studying what other larger sites in my genre {like the official Warriors site} have in their policies and comparing with mine.

    I'm going to go carefully through everything you said and double check I'm okay. I check my server carefully to make sure it is completely secure. Against hackers and everything.
     
    Groovystar, May 26, 2010 IP
  4. Nonny

    #4
    If it's the web site in your signature, then you also have an Adsense ad appearing on your forum.

    Google has specific information that must be included in your privacy policy to make it Adsense-compliant - most information about the cookie Google places to collect information and a link for the visitors to your site to opt out.

    These are the details:

    https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=100557

     
    Nonny, May 31, 2010 IP
  5. Groovystar

    #5
    I already had the first part of Google but not the 3rd party vendor part in. I do now! Thanks a bunch!!! :)

    Feel free to let me know if there is anything else you think I need to put!!
     
    Groovystar, May 31, 2010 IP