Website Privacy

Every website must contain a privacy policy. This is required by law to give visitors to the website notice about what information the website will collect from them, and how that information will be stored and used. A privacy policy must disclose several details to the public, including what type of information the website collects, what information it discloses to third parties, and whether it uses cookies. Website owners can be sued by the Federal Trade Commission (FTC) for using unfair and deceptive business practices if they either fail to include a privacy policy or make overbroad statements or promises in it which they cannot fulfill. It is therefore important that a privacy policy complies with the law’s requirements and makes statements that are completely accurate.

A privacy policy should contain several pieces of information. First and foremost, it must be clearly designated as a privacy policy and posted publicly on the website itself. The privacy policy should identify the name of the company and clearly establish what person or entity it represents. It must clearly specify exactly what types of data the website collects from its visitors, such as email addresses, names of its users, IP addresses, mailing addresses, and credit card information, and explain how this data is stored and protected. If the website shares any of this information with third parties, the privacy policy must disclose exactly who it shares that information with, what information it shares with them, and how the third parties will access, store, and handle the information. The policy must also explain the website’s reason or reasons for collecting user data. Finally, it must contain an opt-out clause providing visitors the opportunity to opt out of the website’s data collection, and explaining exactly how they may go about doing this.

Websites should be careful not to make guarantees in their privacy statements they are not certain they can back up. A website that includes inaccurate information in its privacy policy can be sued by the FTC. These lawsuits most commonly arise when websites make broad guarantees of user privacy which they cannot ensure. For example, it is not uncommon for websites to be hacked and their information made public by the hacker. If this happens to a website that guaranteed in its privacy policy that it would keep its visitors’ information private, the website could be sued for including deceptive information in its privacy policy.

Another circumstance where this could happen is if the privacy policy makes a broad guarantee never to sell its users’ personal information but does not provide an exception for if the website itself is sold. The website owner could be sued for having made this guarantee if the owner then sells the website, and along with it the website’s information about its visitors, without having allowed for such an exception in the privacy policy.

Privacy policies shield websites from lawsuits so long as they are accurate and include everything the law requires. An attorney can review your website’s privacy policy to make sure it complies with the law and does not contain language which could enable someone to sue you in the future. If you have questions about your website’s privacy policy, contact the attorneys at McNeely Law today at 317-825-5110.

This McNeelyLaw LLP publication should not be construed as legal advice or legal opinion of any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer on any specific legal questions you may have concerning your situation.