Following the Facebook data debacle, the social media giant announced in April that it was updating its policy to better spell out what data it collects and how it uses it in Facebook, Instagram, Messenger and other products.
It’s especially important if you collect any kind of personal information from customers, he says.
If you fall into this category, you should sit down with relevant people in your company and find out what data you're collecting and what you’re using it for, he says. This will help ensure you’re making the proper disclosures.
Lydia de la Torre, a privacy law fellow at Santa Clara University School of Law, agreed: “You really need to understand your practices before you write your policy because if you don’t, you might not describe them correctly.”
You also have to make sure you’re not running afoul of any laws.
“Because of the cross-border nature of the internet, there’s a good chance you’ll run into some other jurisdiction’s law,” says Mark Grabowski, a communications professor specializing in internet law at Adelphi University in Garden City.
In addition, certain highly regulated industries like health care and banking have separate laws governing privacy and data collection, he says.
A clickwrap agreement is generally more enforceable in court.
“It’s difficult for a business to enforce any terms if the user didn’t agree to them,” says Pedram Tabibi, an attorney at Meltzer, Lippe, Goldstein & Breitstone in Mineola.
It should contain the proper disclosures but also be clearly laid out, considering that many of these policies can be hard for the average consumer to understand, he says. When Facebook revised its policy, it made the language clearer.
“I think one lesson perhaps here is maybe that there’s a need for these policies to be a little more plain English and more straightforward on what’s being done with your information,” Tabibi says.
Percentage of U.S. consumers who are concerned about the privacy of their personal information.
Source: International Data Corp.