The second challenge with privacy policies is the fact that requirements in recent years have been a moving target. For example, in the U.S., a growing number of states have enacted different laws regarding online privacy and regardless of the differences, if you collect PII (personally-identifiable information) from residents of those states, you are expected to comply with all of those inconsistent laws. (For more information regarding state laws and privacy policies read Are Online Privacy Policies Required by Law?)
A solution, however, in the form of a U.S. federal standard may soon be upon us. As discussed in the previous post, well over a dozen PII related bills have been introduced in Congress this year (2011) and most of them are fairly comprehensive. (For a list of those bills and links to the legislation, see Federal Legislation and Online Privacy Policies.) It seems to me, even though members of the current Congress are unable (or unwilling) to agree on anything, the odds are in favor of some type of federal standard coming out of all that.
Step 1: Complete my assessment form
√ It identifies requirements for online privacy as they apply to website and blog operators in the U.S.
√ It walks you through the process of determining whether your site adheres to applicable requirements.
The form allows you to input your answers and save it locally and/or print it. Alternatively, you can simply refer to Table 1B in the previous post.
As indicated on the form, I recommend that you first read all 20 questions and identify those that apply to your site by clicking on the check-box in the column marked (X). Then, go back and fill in your answers for the questions that apply. The completed form can then be used as the basis for steps 2 and 3.
Using the completed assessment form as a baseline for comparison, you can quickly rule out options that do not address all the requirements that apply to your site. Other factors that should help narrow down your options include how much PII your website or blog collects, your writing skills, and your budget. Numerous online solutions are free but if you are looking for a professional to write it for you, that comes with a price tag, of course.
A) Websites that provide auto-generators (interactive questionnaires)
B) Websites offering templates (write it yourself using a model document as a starting point)
A significant amount of time was spent sifting through numerous web searches to distill this list of 15 options. However, while I believe they are all credible solutions, I do not endorse any particular one because I have not personally used every option. That would be too expensive and much too time consuming, unfortunately. More importantly, whether a particular solution fits the needs of your site depends on the volume of PII involved and how it is collected, used, stored, shared, and disposed of.
A) Auto-Generator Websites
|These sites essentially provide interactive questionnaires and some are more comprehensive than others. In all cases, the level of compliance of the resulting policy depends on the accuracy of the answers you provide. That is why I recommend you complete the 20-question assessment form (see step 1, above) prior to pursuing one of the options in the solutions list. Some of these sites also provide the HTML version of your policy statement but if you edit your web pages with a solution like WordPress or Dreamweaver, you can simply copy and paste the standard text output.|
B) Websites offering Templates for Privacy Policies
C) Attorneys and other Experienced Professionals
|This category of solutions may be beyond the budgets of new start-ups but for mid-size and large online operations its the more prudent way to go. As brand value, cash flow, and company assets increase, so does the need to effectively deal with risk management – and dealing with PII does pose a risk. If your operation has been experiencing significant growth but you are not yet in a position to hire an in-house professional, you may want to consider one of these solutions to ensure privacy compliance and minimize your liability.|
— Table 2A —
- No contact information was available and/or no information about the site owner/operator was available.
In closing, it is important for me to point out that I am not an attorney and I am not presenting this article as legal advice. As with all content published on this site, these ideas and concepts are offered for informational purposes only. Whether and how you use the information is up to you. Depending on the nature of your website and volume and type of PII it handles, you may be best served by securing the services of a licensed professional.
I hope you found this post useful.