]

5 Legal Clauses You Should Have in Your Privacy Policy and Why
by Rich McIver on May 9, 2015 in eBusinessThe Legal Refresher
I am posting this article below, written by Rich mainly because I signed up for information on marketing research, and my email was sold to SPAMMERS. Of course I didn't read the "PRIVACY TERMS", who does. Now I get 50 Spam emails a day and Gmail hasn't figured out how to filter these new Emoji headers and headers gobbled together with underscores as spaces.

So, If I was a retailer or brand, I would be sure to have in BIG BOLD letters...WE DON'T SHARE ANY OF YOUR CONTACT INFORMATION EVER....because if you don't, I will never sign up for anything you have...and I bet many others won't either !!!! SEE #5
If you scroll to the footer of most reputable websites you’ll see a link to that website’s Privacy Policy. Despite the fact that almost all consumers know they are there, almost nobody takes the time to read them, begging the question, why are they there at all?

The answer is that they’re often not really there for the benefit of the user, but in fact are there to protect, limit the liability, and comply with applicable laws for the website listing their privacy policy. To make sure your company website’s privacy policy is as effective as possible, here are five clauses it should include, and why.

1. Include a Clause Covering the Possibility of an Acquisition:

If your company is going to be acquired, the last thing you want is a deficient website privacy policy impeding the process by holding up the due diligence process. If you don’t account for the possibility of an acquisition in your privacy policy, however, that just might happen. Make sure that your privacy policy deals with the possibility of an acquisition, sale, or other transfer of assets by either stating that the acquiring company will adhere to the pre-existing privacy policy, or that upon sale or acquisition or assets you will adopt the privacy policy of the acquirer. The specific solution you state is less important than the fact that you account for the possibility of an acquisition and provide a clear roadmap for how the policy will be affected, so that a potential deal isn’t negatively impacted.

2. Clearly State Your Data Collection Policies:

The United States has an overwhelming number of laws that have provisions relating to data collection and privacy, such as the Americans with Disabilities Act, the Children’s Internet Protection Act (2001), the Cable Communications Policy Act (1984), the Computer Fraud and Abuse Act (1986), the Computer Security Act (1997), the Consumer Credit Reporting Control ActHIPAA, the Gramm-Leach-Bliley Act, not to mention applicable state and local laws. Because trying to understand and navigate each of these laws would keep a team of attorneys busy full time, the Federal Trade Commission has provided a list of questions that you need to clearly answer in your privacy policy which will keep most businesses legally compliant. They are:
  • What information does the company collect and how does it do so?
  • How does the company protect the information it collects?
  • How does the company use the information it collects?
  • Does the company share the information it collects with others, and if so, what is shared and with whom is the information shared?
  • Do customers have control over their personal data, and if so, what control do they have?

3. Communicate a Means to Easily Make Changes to the Privacy Policy:

If you want to change your privacy policy in the future (which you will) you need to provide a method through which those changes can be communicated. You have a few options, ranging from really onerous ones like emailing out all changes to all your current and past users to something as simple as listing the last update date at the top of the policy and listing when those changes will go into effect. The reason you need a means of communicating changes is so that you can make changes as your business needs develop that retroactively apply to all users. By far the easiest to comply with is just to state that changes will go into effect 30 days after the policy is updated, and that users should return to this page regularly to check for updates.

4. Have a COPPA Compliant Policy for Users Under 13 Years Old:

The Children’s Online Privacy Protection Act (COPPA), created in 1998, was designed to protect children under 13 and place their parents in control over what information is collected from their children online. It applies to websites that are either targeted to children under 13, or which have actual knowledge that they are collecting information from children under 13. If your website is targeted to children and/or teens, you need to spend the time to have a comprehensive clause about what you collect, how you notify parents about what is collected, and how you obtain the parents consent before doing so. For those websites that may only incidentally have users that are 13 or under, the most common path is to not collect age data (thus preventing you from having actual knowledge) and state clearly in your privacy policy that your website is not intended for children 13 or under, and that they are prohibited from using the website. To the extent that collecting age data is imperative for your website, you’ll need to block users 13 and under once they tell you their age.

5. Be Clear About Your No Spamming Policy:

If your business uses email you probably already know about CAN-SPAM laws which prevent spamming and require that you provide email subscribers with your address and an opt out. What you may not be doing, however, is providing redundant CAN-SPAM compliant documentation in your privacy policy. So, in order to protect your company from accusations that it has violated CAN-SPAM in the event that your email addresses get hacked or a rogue employee decides to send out spam, make sure that you clearly state that your company complies with CAN-SPAM and list your mailing address, contact information, and an unsubscribe button or email in your privacy policy. That way, should a rogue email be sent you’ll have the backup protection of being able to say that angry recipients can simply notify you and /or unsubscribe in your privacy policy, even if your email was deficient.

Conclusion:

If your website doesn’t have users under 13 years old, your company doesn’t use email for marketing, the possibility of a business merger isn’t a serious concern, and the whole host of other reasons haven’t convinced you that it’s necessary for your company to have a privacy policy, you may be wondering if you need one at all. The answer, is that if your website collects any data whatsoever, whether it be as robust as financial or medical information, or as limited as cookies, the California Business and Professions Coderequires that you have a Privacy Policy. What about if your business isn’t in California? Unfortunately, if your website is visible to people residing in California, and therefore could potentially collect California residents information, you are required to have a visible Privacy Policy regardless of where your company is based, your website hosted, etc. In sum, virtually every website that is subject to U.S. law must have a privacy policy.
Finally, it’s important to remember that whatever you say that you’re going to do with respect to protecting your user’s information or not selling their data, you should actually follow up on. While enforcement is spotty, the FTC does have the power and does on occasion actually prosecute companies that violate the promises in their privacy policies.
© 2015, Rich McIver. All rights reserved.
About Rich McIver
Rich McIver is an attorney licensed by the State Bar of Texas. He attended the University of Notre Dame, and the University of Chicago Law School. Rich has started three tech startups that have each been acquired via private equity, merger, and private purchase respectively. Additionally, he founded a Houston based law firm that was sold in 2014 via partner buyout. Currently, Rich is the CEO of MerchantNegotiators.com, in the merchant account services industry and sits on the board of an online education company.

home

About Us

Contact us

commitment to our veterans

social marketing platforms

marketing integration

technologies for retailers

home furnishing's industry

free marketing help desk

our RETAIL rants blog
the beginners guide to marketing



​​content provided by free

​napier marketing group, inc.

CATEGORY EXPERIENCE

Home Furnishings • Consumer Durables • Retail • Trade • Consumer Products • Printing-Publication • Technology • Entertainment Partnerships • Furniture Stores  •  
​Social • Digital • Business Transformation – Corporate Turnaround • Marketing • Sales & Sales Management • Business Development • Brand Management • Home Furnishing Marketing • Furniture Retail Strategy • Marketing, Advertising & Promotion  • Staff Management • Product Positioning • Strategic Partnerships • Product Pricing • Trade Show Management & Presentations • Strategic Planning • Marketing Communications • Product Differentiation • Marketing Strategy / Execution • Online Marketing ​
​Napier Marketing Group
​is Located In Ft. Myers, Florida
[email protected]
​612.217.1297

Picture
© 2007 – 2025 Copyright Napier Marketing Group Inc. All Rights Reserved. No use, publication or reuse is permitted without express written authorization.

Website design and maintenance provided by 
Napier Marketing Group Inc.
Ft. Myers, Florida
- www.napiermkt.com
- [email protected] -
- (612-217-1297) -
Picture
Contact Us