Privacy on the Internet continues to be an issue of global concern with the creation of more and more sophisticated software tools to capture personal details of users with or without their knowledge or consent.
Although this acted as an initial deterrent to e-commerce in the early years, much legislation on privacy and data protection has been enacted in most major jurisdictions to assure online users that website operators are legally required to treat their personal data responsibly and openly advise them what parts (if any) of their details will be disclosed and to whom.
Internet users now expect website operators to act responsibly with respect to their users’ personal data and are legally required to display privacy policies, statements or notices advising the user what information can be gathered automatically when they use the website, what they themselves disclose to fulfil an enquiry or order and what the operator will or will do with their personal information.
To some degree or another, the website operator will gather “personally identifiable information” about the user which usually includes a first and last name, a home town or other physical address,(if goods require to be paid and/or delivered) including street name, city or town, an email address, a telephone number, perhaps also credit/debit card or other payment details (if the user is buying/paying online), perhaps also a social security number or any other identifier that permits the physical or online contacting and identifying of a specific individual.
● Identify the categories of personally identifiable information that the operator collects through the website regarding users, and identify the categories of third parties with whom the operator may share that personally identifiable information. For example, the policy may indicate the operator will collect the user’s name, address, social security number, and/or other relevant information. The policy may identify, for example, that the operator will share the personally identifiable information collected with third party processors of for example, payment, credit or loan data.
● A description of the process, if any, that the operator maintains for a user to review and request changes to any personally identifiable information that’s been collected by the site. For example, the operator may require an individual to submit a signed letter containing information sufficient to assure the operator that the individual is who he or she claims to be, requesting to review and/or revise the personally identifiable information collected.
● Any other functional hyperlink displayed so that a reasonable person would notice it.
The above “bare-bones” requirements should render compliance under most jurisdictions a simple matter.
Privacy and data protection will continue to be a huge area of debate in many jurisdictions and the subject of many and varied legislative measures and case law.