As the Internet becomes a prime resource for buying products and services and for conducting financial transactions, there is growing concern about how companies collect, share and sell customer information. In particular, consumers want to be sure the information they provide over a Web site will not be used by unauthorized third parties.

The California Society of CPAs (www.calcpa.org) advises companies that conduct business on the Internet to take steps to assure customers that their privacy will be respected. A clearly written and prominently posted Internet privacy policy can alleviate fears, instill a climate of trust and encourage visitors to feel comfortable doing business with you.

Why Have A Privacy Policy?
Some Web sites collect detailed information in order to provide customized, targeted shopping experiences or to permit one-click shopping. Other sites collect e-mail addresses for future promotions and mailings.

A privacy policy establishes clear expectations by explaining to visitors exactly what information is being collected. This includes information entered directly by the visitor, such as e-mail addresses, as well as the use of technologies, such as cookies, that track data not explicitly provided by the user. When customers understand how their information is going to be used and protected, they can make informed decisions about how much to disclose.

What Should A Privacy Policy Include?
A good privacy policy should answer questions any consumer visiting your site is likely to ask. For example: What kind of personal data do you collect? Are individuals aware that their personal data is being collected? Is personal data disclosed to third parties and if so, how and why? Do you allow third-party advertisers to place banner ads and send cookies to your customers? Are there procedures that allow site visitors to find out what information you have gathered about them? Do you make it easy for visitors and customers to opt-out or unsubscribe from any lists you maintain? What security measures are in place to protect customer and visitor data from loss or misuse?

How Do You Create A Privacy Policy?
In creating a privacy policy, you may be tempted to look on the Internet for a policy that sounds workable and post it or something similar on your site. Don’t. Privacy policies differ significantly, depending on the company’s activities, the nature of the information it collects and how it uses or shares that information. Your privacy policy should be the outcome of an extensive internal review of your company’s data collection practices that examines the value of the information it collects and evaluates how that data is maintained and protected.

Meet with everyone in your company who touches customer data and ask specific questions about the type of information they need, where they get it from, and how they use it. Conducting your analysis from the customer’s perspective will help you create a policy that protects consumers’ data and allows your company to carry out its business functions.

Write your policy in clear, understandable language, and for easy access, post a link to it on every page. Be sure to share your privacy policy with everyone in the company and explain the importance of complying with its guidelines.

A CPA Can Help
Protecting customers’ privacy is essential in today’s business environment. Keep in mind that privacy is not the same as security. To further alleviate customer concerns about conducting business on your Web site, be sure company privacy statements are supported by security statements, indicating the technology used to protect consumer information. If you need advice in these areas, consult a CPA.