So how should one go about drafting a website privacy policy?  The Federal Trade Commission advises that when drafting your privacy policy “say what you mean and mean what you say.”  The first part is easy – you need to have a global understanding of what your organization does with the information it collects.  For example, do you share information with third parties, use cookies and other web tracking technologies, or send promotional emails?  Whatever the practices, they need to be clearly described in your privacy policy.

The second part, “do what you say”, is more of a challenge.  Simply stating the policy is not enough – you must adhere to the policies and procedures as described.  Your organization will be held accountable for any failure to meet its own written standards, thus it’s imperative that everyone in the organization understand what they should be doing – and equally important, what they should not be doing.  There are useful tools and approaches for assessing and monitoring such adherence that you may consider adopting, such as a data privacy audit.

Finally, your privacy policy must keep pace with your practices and with changing law.  Web technologies, marketing strategies and other internal practices change regularly.  If the marketing department concludes that a monthly e-newsletter to donors is essential, that’s fine, but make sure that this is addressed in the privacy policy.  Unfortunately, many organizations do not routinely update their privacy policies to keep pace with such changes.

Additionally, the laws applying to privacy practices are in constant flux.  As an example, The General Data Protection Regulation (GDPR) issued by the European Union (EU) became effective May 25, 2018.  Although some organizations have adopted privacy processes and procedures in response to the regulations, many are still unclear as to the impact upon their organizations, and the steps necessary to comply.  In regard to your privacy policy, GDPR does require that you include specific provisions and “right” in your online privacy policy.  Failure to comply could result in significant fines and penalties.

As someone who routinely reviews and drafts privacy policies, I am keenly aware at how quickly these privacy policies can become “outdated.”  If you have a professionally drafted privacy policy, make sure that it is reviewed, followed and updated on an annual basis.  If you are like many organizations and have an outdated and/or inadequate privacy policy, then revising should be a top priority.  The investment today will go a long way in honoring the commitment to the privacy your supporters expect and deserve.

The post Privacy Matters: A Website Privacy Policy is Good Governance first appeared on Perlman Sandbox.

In most instances and jurisdictions, if drafted properly, a Terms of Use is a legally binding contract between you and your website visitors and users.  For most organizations, a website is a valuable commodity, i.e. one that publicly promotes a business’ brand and image.  Having the ability to exercise control is important in establishing and maintaining its value.  As with any venture, websites can also be a source of potential legal liability, so the Terms of Use also allows website owners to disclaim certain obligations, liabilities and damages that, in the absence of such disclaimers, might leave them liable for monetary damages.

To be the most effective, a Terms of Use needs to be tailored to match the specific website activities and the functionality and features provided.  In general, however, there are some terms that are typically included in a Terms of Use statement. Limiting potential monetary damages is essential to any Terms of Use, as the potential risks may far outweigh the benefits provided by your website.   Equally important is the protection of your intellectual property, including logos, designs, and original content.

Many websites allow users to post content, such as a comment section on a blog.  In such instances it is crucial that you ask for certain assurances regarding the content, as well as set expectations as to permitted topics and language.  Reserving the right (but not the obligation) to review posts and delete content is therefore vitally important in order to protect your organization and promote civility.  Even terms related to choice of law and venue – where a claim must be filed and what law will be applied – is important to consider, thereby avoiding situations in which you could be compelled to defend a claim in another state.

Your website’s Terms of Use is the contract that governs what users may and may not do on your website.  It delineates the rights and obligations of each party.  The more feature-rich your website, the more complex your Terms of Use will need to be.  Although as a blogger and occasional tweeter, I appreciate brevity, I do advise that when drafting a Terms of Use it is best to be as exhaustive as possible. It will provide your organization the maximum protection and reservation of rights.

The post Defining the Terms of a Terms of Use first appeared on Perlman Sandbox.