On the Web Since 1996


On the Web Since 1996	Online Legal Contract Drafting Service for Information Technology, Software & Internet Businesses

Free Online Articles
	Website Design-Hosting
	Terms of Use
	Privacy Policy
	Customer Agreements
		Subscription Agreements
		Membership Agreements
		SaaS Agreements
	Email Marketing
	Website Advertising
	Intellectual Property
	Online Contract Drafting
	Affiliates & Resellers

12 Sure Ways your Website can get you Sued

$49 Value

WHY YOU NEED TO PLAN AHEAD...
OR YOUR PRIVACY POLICY
WILL LEAVE YOU IN A LURCH

I talk to clients all the time about not falling into the trap of believing that their Privacy Policy is really nothing but a lot of fluff, filled with vague, self serving statements such as "we respect your privacy".

It's actually way more than that; it's viewed as an enforceable contract by the Federal Trade Commission (FTC), and as such it may be construed against you and subject you to substantial liability.

It's critical that you plan ahead a little bit... anticipate the future needs of your ecommerce business in terms of data collection, use and sharing.

If you don't plan ahead and anticipate circumstances where you may need to collect passive information or share personal information of your customers or mailing list, you may end up in a lurch, so to speak. The Toysmart and Gateway Learning cases illustrate what can happen if you don't... and the 2 tips I'll offer below.

The Toysmart Case

Toysmart was an online seller of children's toys. In 1999, Toysmart's privacy policy was explicit; it stated unequivocally that the company would not share personal information of customers with any third party. Later, unforeseen difficulties forced Toysmart into bankruptcy under Chapter 11. One of Toysmart's most valuable assets was its customer list and its associated personal information.

In 2000, when Toysmart attempted to sell its customer list to generate a recovery for its creditors, the FTC filed a "deceptive practice" lawsuit under Section 5 of the FTC Act. In addition, several state attorneys general objected to the sale. The FTC maintained that the sale of the customer list could only be consistent with the established privacy policy, and Toysmart's privacy policy did not authorize the sale of personal information in the event of bankruptcy.

TIP NO. 1: amend your privacy policy to cover not-so-obvious sharing possibilities such as sharing as part of the unlikely event of insolvency, bankruptcy, or receivership.

The Gateway Learning Corporation Case

Beginning in 2000, Gateway Learning Corporation posted a privacy policy on its website promising, among other things, not to rent consumers' personal information to others.

In April, 2003, despite these promises, Gateway started renting personal information provided by consumers - including their names, addresses, phone numbers, and age ranges and gender of their children - to target marketers for use in direct mailings and telemarketing calls. Two months later, Gateway amended its privacy policy to permit the sharing of personal information, apparently believing that the amendment would take effect retroactively.

The FTC promptly filed suit against Gateway alleging that Gateway's renting of personal information collected prior to the privacy policy amendment was unauthorized, and therefore a "deceptive practice" under Section 5 of the FTC Act. In other words, the FTC argued that the amendment was not retroactive.

TIP NO. 2: ensure that any personal information that is shared with others is authorized by clear privacy policy notices which were in the policy at the time the personal information was collected. Amendments regarding the sharing of personal information are not effective retroactively.

Conclusion

Although your privacy policy may not be an enforceable contract between you and site visitors in the strictest sense, the FTC will enforce your privacy policy against you for purposes of a Section 5 violation, and the FTC is always watching for violations. For this reason, privacy policies should be drafted and frequently reviewed with a view to the lessons of the Toysmart and Gateway Learning cases in mind.

Given the difficulty of amending Privacy Policies retroactively, particularly regarding the sharing of personal information, it's highly recommended that you anticipate in advance to the extent it's possible the privacy disclosures that you might need to make down the road, and add them to your Privacy Policy now... before it's too late. Here's a few examples:

collection of passive information by cookies and Internet tags;

collection of navigational data by log files, server logs, and clickstream data;

sharing with service providers such as ISPs, website designers, etc.;

sharing with your entity affiliates (subsidiaries, related entities);

sharing with purchasers of your business;

sharing with third parties in response to legal process;

sharing with third party web analytics services such as Google Analytics; and

as pointed out in the Toysmart case, sharing as part of the unlikely event of insolvency, bankruptcy, or receivership.

The lesson to be learned... if you anticipate these issues now and provide for them you won't be caught in a lurch if you later decide to employ them in your site.

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.

WANT TO USE THIS ARTICLE IN YOUR EZINE OR WEBSITE? You may, as long as you reprint the article in its entirety with live links and include this blurb with it:

Chip Cooper is a leading information technology, software, and Internet attorney who helps small ecommerce businesses nationwide stay out of court with affordable website legal compliance. To sign up for FREE tips like these in Chip's newsletter and his FREE Special Report, "12 Sure-Fire Ways Your Website Can Get You Sued", visit Chip's digicontracts.com site, and also learn about his "Do-It-Myself" and "Do-It-For-Me" service options.