Flat Fee Arrangement
Website Privacy Policies can often be prepared for websites on a modest flat fee basis. The fee will vary
based on the simplicity or complexity of the website. Please contact me at wgalkin@galkinlaw.com or by phone at 410 484 2500 to receive
a quote for a flat fee to prepare a Privacy Policy for your website.
Purpose and Approach
Privacy Policies primarily regulate
how a website collects personal information from its users and how such information will be used. In the U.S., the Federal Trade Commission
(FTC) is primarily responsible for the enforcement of website privacy commitments. Additionally, the majority of states have implemented
laws that impose obligations as to how personal information is maintained and what activities must be undertaken if personal information
is breached. Also, where users are located in other countries or where personal information is being transferred from or to other
countries, then the privacy laws of such other countries may also be binding upon a U.S. based website.
The FTC considers statements
in a Privacy Policy to be promises made by the website to the users. Therefore, when drafting Privacy Policies, great care must be
taken to verify the accuracy of all claims and obligations contained in the policy. The Privacy Policy needs to accurately reflect
the collection, storage, use and dissemination policies applicable to the information. Failure to keep these promises may amount to
an unfair or deceptive trade practice actionable under the FTC Act. Additionally, Privacy Policies need to be prepared in a flexible
manner that anticipates future needs.
As stated in relation to Terms of Use, it is often tempting to grab a privacy policy from
another website and model it for a new website’s purposes. However, “getting it right” the first time is critical for a Privacy Policy,
not only because of potential liability, but also because later changes to the policy that seek to correct earlier mistakes or misunderstandings
may not apply to earlier collected information. This could have several significant negative results, like obstructing the implementation
of new marketing plans, requiring costly administration to distinguish between information that needs to be handled in accordance
with different policies and placing a cloud on potential liability and ownership in information that will scare off potential investors
and purchasers.
Key Provisions
Following are some of the main provisions and issues that need to be considered when preparing
Privacy Policies. There are quite a few other issues that also need to be addressed.
- What Information is Being Collected. Privacy
Policies need to specify the type of information that will be collected. It is best to be broad in the description. However, it is
not a good privacy practice to collect more information than is reasonably necessary for the purposes of the website. Descriptions
of information collected would usually include all of the typical personal contact, identity and preference information, but should
also include the non-obvious information like IP address, browser type, host operating system, etc. that is automatically collected.
Under the Children’s Online Privacy Protection Act (COPPA), parental permission is required to collect personal information from children
under the age of 13. There are narrow exceptions to this requirement, and the method of verifying parental consent needs to be strictly
complied with.
- How Information is Collected. User information can be collected by a variety of means, through registration forms,
by means of cookies and web beacons, etc. These methods should be clearly stated.
- How Information is Used. Information may be used for a variety of purposes, such as to personalize content presented to users,
to serve advertising and deliver other information, for market research purposes, to carry out agreements entered into between the website
and the users, and to notify users about changes and features of the website. These uses should be clearly stated.
- Third Parties
that may be Receiving or Collecting Information. Third parties that will be receiving personal information of users should be clearly
stated. Often there are third party service providers that will be receiving personal information on behalf of the website. Such service
providers may include credit card transaction processors, communication platform providers, and hosting services providers. Information
may also be transferred to third parties for marketing purposes. If there are legal proceedings involving the website, the website
would want express acknowledgement from the users that the website may cooperate with such proceedings, which may include a transfer
of personal information to legal authorities. Additionally, it is critical to allow transfer of the information to an entity that
may acquire ownership in the website at a future date. Advertising served by third parties automatically receives IP addresses and
such third parties may also use cookies, JavaScript, web beacons and other technologies to measure the effectiveness of their ads,
to personalize advertising content, to compile anonymous statistics and otherwise monitor the effectiveness of their campaigns. Users
should be notified in the Privacy Policy of these possibilities. It is also beneficial to highlight to users that there may be links
in the website to third party websites and that the privacy policies of such third party websites will govern the collection and use
of their information.
- Security Used to Protect Information. Websites are not generally required to state the type of security
that will be in place to protect the information from unauthorized access. However, many users want to see this. Once security procedures
are stated, failure to comply with such procedures could subject the website to action by the FTC. Therefore, it is important not
to overstate the actual security that will be in place. It is also important to clearly state the limitations of any security system.
No system is absolutely secure from unauthorized access from hackers.
- Compliance with U.S. and non-U.S. Laws. The Privacy Policy
should contain provisions so that marketing communications do not violate the CAN-SPAM Act. California in particular has implemented
privacy laws that may impose additional requirements on a U.S. website that collects personal information from California residents.
Additionally, if user information will be collected from individuals located in non-U.S. jurisdictions, then the Privacy Policy may
also need to contain provisions that comply with European Union Privacy Directive requirements or the requirements of other jurisdictions.
William S. Galkin
Attorney at Law
6 Reservoir Circle, Suite 102
Baltimore, Maryland 21208
tel 410 484 2500 fax 443 378 7172