Privacy Is Good Policy – By David Klein

by FeedFront Staff on September 24, 2009


Clients frequently inquire, skeptically, as to the necessity of posting privacy policies on their websites. While some clients might prefer to skip that step (and expense), my advice is always the same: If you operate a website that collects Personally Identifiable Information (“PII”) from end-users (name, e-mail address, phone number, etc.), it is crucial that you compose an easy-to-read privacy policy that you make available to visitors on your home page.

Letting website visitors know, via your privacy policy, what PII you collect’ how you intend to use it; to whom you disclose the information to; and the security measures taken to protect that PII, is not only good policy from a customer-relations perspective, it is also required by state and federal law.

In addition to making sure that your online data collection activities are compliant with state and federal law, a well-written privacy policy can form a key feature of your online business strategy. If proper disclosures are included in your privacy policy and above the “Submit” button on your website, you can monetize user data through e-mail marketing, telemarketing and, where permitted by law, mobile/text message marketing, to end-users.

On the other hand, if you do not properly inform end-users of your intention to use their data for marketing purposes, any attempt to do so would almost certainly violate applicable law.

In crafting your privacy policy, you must provide specific disclosures for each intended use of the data, and you cannot deviate from the range of options granted to you in your privacy policy.

If you want to change your privacy policy to allow for greater uses of the PII in your database, you must contact the users that are already in your database and receive additional consent from them. For that reason, it usually makes sense to grant your business the greatest range of potential uses of the data when you first draft your privacy policy.

Even where you state up-front in your privacy policy that you can use your end-users’ PII in various ways, that does not always grant you the right to such uses. For example, more restrictive laws apply to the use of sensitive information such as Social Security Number, health-related information and financial data.

While properly collected end-user data may provide your business with a valuable revenue stream, collecting data also imposes a responsibility on your employees to safeguard such data. Various state and federal statutes require that you distribute to your employees a written manual on data security procedures, and that you notify end-users in case of any breach of security with respect to their data.

With all the rules and regulations governing the collection and use of PII – and given the potential financial benefits derived from a database of consumer information – it makes good business and legal sense to craft a privacy policy that is well-suited to the needs of your business, and that provides your website visitors with the information they require to make an informed decision.

This is only a brief overview of some of the legal issues associated with privacy policies. Remember to retain a licensed attorney to draft your privacy policy.

David O. Klein is a partner with the firm of Klein Zelman Rothermel LLP in New York, NY, where he practices Internet Marketing Law. He can be reached at (212) 935-6020 or via e-mail at

Download the entire FeedFront issue 7 here –
FeedFront issue 7 articles can be found here as well:

Leave a Comment