Friday, December 9, 2011

Have You Read Your Website Privacy Policy Lately?

Dealerships typically collect a great deal of personal information from their website visitors through contact forms, online credit applications, etc. What many businesses don’t realize is how vitally important it is to properly handle any Personally Identifiable Information (PII) collected from consumers through their sites.
So what’s the big deal about privacy policies? Our website provider takes care of that, right?
Not necessarily. In researching dealer websites recently, we looked at a random sample of privacy policies on 12 dealer sites from around the country. What we found was…interesting:

·         2 dealers had no privacy policy link on their sites (both were in states where it’s required by law)
·         1 dealer had only the website provider’s privacy policy published on its site (won’t do the dealer much good if there’s a legal claim against them)
·         2 dealers had only the manufacturers’ policies published on their sites (same as above)
·         1 dealer had a privacy policy with another company’s name on it (need to make sure you customize those templates!)
·         3 dealers had the same policy that they hand out to consumers who apply for credit at the store (NOT the same thing as an online privacy policy)
·         2 dealers had identical boilerplate policies provided by their website provider – not a problem, unless the policies don’t truly reflect the dealers’ actual processes. For instance, the policies state: “Subscribers to our e-mail services (or any other feature/service found on our Web site) will not receive unsolicited e-mail messages from us”. If the dealers decide to launch an email marketing campaign to these website visitors (which is legal as long as they adhere to CAN-SPAM regulations), they could be in danger of violating their own policies. Federal and state regulators can take action against companies that fail to comply with their own privacy policies or otherwise misrepresent their information management practices. And of course, there is the real possibility of substantial private lawsuits.
·         1 dealer had a nicely-written, personalized policy (good job!)

While posting a privacy policy on your website is not yet required by federal law, it looks like it will be soon. There are several bills pending in Congress that address online privacy, such as the Commercial Privacy Bill of Rights Act of 2011, and full disclosure tends to be a common element. Some states already have laws on the books mandating online privacy policies. For instance, if you’re collecting personal information from any California residents, state law requires you to conspicuously post a privacy policy on the site and strictly comply with its provisions.

The internet can be a dangerous place when it comes to privacy. Do yourself and your customers a favor by establishing best practices for handling consumer privacy. The first step is to review your company’s privacy policy and ensure that you have a clear understanding of its contents and that it reflects your dealership’s actual practices. The next step is to make sure that it’s published on your website. Finally, review the policy with your employees and vendors to ascertain their understanding. This will help minimize (or hopefully eliminate) breaches due to unfamiliarity on the part of individuals acting on your behalf.

No comments:

Post a Comment