What You Must Include in Your E-commerce Site’s Privacy Policy

While you may never see your customers face to face in e-commerce, you do have a number of responsibilities to them just the same. When people buy things from you, they usually give you credit card numbers, email addresses, phone numbers, physical addresses and other sensitive personal information. While you’re basically free to monetize it in whatever legal way you see fit, before you can do so, you must notify consumers of your intention to do so. This information is part of what you must include in your e-commerce site’s privacy policy.

Though privacy policies are not specifically required by law in the United States, a number of existing regulations do add up to making the need for one mandatory. Further, if you accept payments, your payment gateway likely requires the inclusion of a privacy policy on your site to protect them.

At minimum, your privacy policy should inform your customers how their personal information (email addresses, credit card information, or automatically collected browser information) will be employed once they have submitted it to your site in exchange for the “privilege” of making a purchase.

Good privacy policies for e-commerce websites typically contain an explanation of how you collect and employ personal information. This includes explaining your cookie policy, outlining how you share customer information and providing contact information so customers can reach you to voice concerns.

Your email opt-out policies are usually disclosed in your privacy policy as well. By the way, with email marketing, you must be careful to ensure all communications are crafted within the guidelines established by the CAN-SPAM Act.

If children under the age of 13 will be attracted to the content on your site, you must also make sure you’re in compliance with the Children’s Online Privacy Protection Act, which gives parents control over what information websites can collect from their kids.

Once you’ve published your policy, make a concerted effort to stay within the guidelines it establishes. If you must go outside of them, before doing so, you have a responsibility to inform your customers of an upcoming change, so they have the opportunity to opt-out. You also need to make every effort to future-proof your policy. It should include language governing any emerging technologies, or any that are likely to come into the fore.

If you’re looking for an example to which you can apply your own circumstances, the Federal Trade Commission site has an outstanding example of a well-written privacy policy. While they aren’t difficult to write, a number of companies have emerged providing the crafting of privacy policies as a service. Depending upon your situation, you might wish to take advantage of one of them. Additionally, many third-party privacy policy validation and compliance services exist to help you ensure you’re operating within the bounds of the regulations.

According to the Small Business Association, the Federal Trade Commission is constantly reviewing privacy issues. Areas such as cloud computing, mobile applications, social media, and other online services are increasingly coming under the spotlight. If you do most of your business online, the SBA recommends talking to a lawyer who specializes in internet or online law to determine whether your policies are adequate.

For e-commerce sites, collecting sensitive consumer information is an essential part of doing business. You have a responsibility to your customers to properly secure it.  You could also be found liable in incidences of identity theft. Knowing what you must include in your e-commerce site’s privacy policy is essential to inspiring confidence in your customers.