Business to consumer e-commerce is exploding. It would grow even faster if consumers weren't hearing things like, "Don't use your credit card online," "Don't give out your personal information when Web surfing," and "When you're online, you leave a data trail of personal information that websites collect and sell."
The simple fact is that people are a bit paranoid about buying online. They don't quite understand the way it works, the press loves to hype the negative and the result is that people are often not willing to give you any information about themselves. No information usually means no sale.
In the past, I've discussed the need to post "Terms and Conditions of Website Use" on your site. It's a basic contractual document, which governs the use of your website. It can do things like limit your liability for things like orders lost in cyberspace (or lost to a crashed computer), force web surfers to sue you in your home state if you have a dispute and eliminate the risk of class actions by disgruntled users.
If you're online doing business without a custom created agreement, you're playing with fire. And sorry, but the one you "borrowed" from another website wasn't custom tailored for your needs and probably doesn't work for you. (Often, the real irony is that the party you're "borrowing" from "borrowed" it from somebody else.) Of course, you won't know that until you're in court relying on it and then find out that it's lacking. It's a little like finding out that your parachute was made for a different sized person after you've left the comfortable confines of that perfectly good airplane.
If you don't believe that these documents are important, then look at the terms and conditions at http://www.microsoft.com/info/cpyright.htm and http://pages.ebay.com/help/community/png-user.html and the privacy policies at http://www.microsoft.com/info/privacy.htm and http://pages.ebay.com/help/community/png-priv.html. The Microsoft's and E-Bay's of the world have these documents and you should too.
What It Should Say
It should tell web surfers what information you're collecting. You should also explain why you collect it and how you use it. Do you sell it or share it? If you do, say so. If you don't, it's probably a competitive advantage, so make this point extra prominent.
Let the Web surfer know if she has any choices that she can make regarding privacy. For example, can they "opt out" of third party use of their data? It's usually a good idea to allow for "opt out." With sensitive data like medical, racial, political and religious information, you should probably set it up as an "opt in." This way, if they don't specifically give you consent to disclose this information to third parties, you won't.
Next, you should include some information about the security measures that you have in place to insure that private information isn't stolen. Here, your policy would discuss your password procedures and your use of encryption and firewalls. (A "firewall" is any of many ways to protect a network from unwanted access. Essentially, it consists of mechanisms to decide what network traffic gets in and what gets rejected as a possible unauthorized entry.)
One item that commentators always mention is the issue of "data integrity." Simply, the issue is what you do to ensure that the data you have is complete and accurate.
If you have a membership site where users get a user name and password, you might have a link where they see all the information you've collected. Depending on what type of business you have, you might then give them a chance to correct any information online or send you an e-mail requesting a correction.
Privacy Seal Programs
Probably the two most significant programs today are the BBBOnLine (www.bbbonline.org ) and Truste (www.truste.org) programs. You can learn about their eligibility requirements by visiting their sites.