Collection notice

Privacy is one of the hottest Internet issues.

As companies collect more data on Web site visitors to hone their marketing messages, target products and launch promotions, visitors are starting to object to how that information is being used and in some cases, sold.

“There are no uniform rules of conduct for businesses,” says Mark Terzola, an associate partner at the law firm of Roetzel & Andress. “There is a sort of piecemeal regulatory scheme that is principally federal in nature and enforced by the FTC, but there are no one-size-fits-all answers.”

The problems occur because of the nature of doing business over the Internet. There are 50 states, each with its own privacy laws, plus federal regulations for some sectors. And if you are doing business overseas, the laws of the European Union or each individual country may also apply.

So how do you protect yourself in this evolving legal environment? Be conservative, and be honest.

* Protect the information you collect.

Make sure your database is protected from hackers and others who might benefit from information you have collected about your Web visitors.

* Tell users what you plan to do with the information.

“Opt for full disclosure rather than something less than that,” says Terzola. “Where companies have gotten in trouble is when they don’t do exactly what they told the user they were going to do. Don’t dance around the issues. If you are going to sell the information to a third party, then tell them that.”

* Allow users to see what information you have.

There should be a way for users to see the information you have so they can see what has been collected and check for accuracy.

* Make users opt in.

“Give the consumer a meaningful choice as to what happens with his or her information,” says Terzola. “Give them an opt-in or opt-out decision. Make them elect to allow you to use their information.”

Outline all your policies and procedures in a privacy policy posted on your home page. For an extra level of protection, make users agree to the terms before providing them access to your pages.

“Having a privacy policy is a good thing,” says Terzola. “Take it seriously, because this area is becoming more heavily regulated.” How to reach: Roetzel & Andress, (216) 623-0150


The regulated few

Not every business is left to determine its own actions in cyberspace.

There are specific federal regulations that cover Web sites collecting information from children; financial institutions; and businesses that deal with personal health information.

* Children’s Online Privacy Protection Act (COPPA). This applies to the online collection of personal information from children under age 13. The law spells out what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent and what responsibilities an operator has to protect children’s privacy and safety online.

* Gramm-Leach-Bliley Act. Any financial institution that provides financial products or services to consumers must comply with the privacy provisions of the act and the privacy rule. It primarily applies to providers of financial products or services to individuals, not businesses, to be used primarily for their personal, family or household purposes.

* Health Insurance Portability and Accountability Act. This act sets standards health care organizations must follow to protect personal health information that is transmitted electronically.