Introduction to Privacy Policies

Every website must have a privacy policy as a matter of law. As a matter of revenues, most affiliate programs now require affiliates to post them as well. Put another way, if you want to make money selling something offered by a third party, you need a privacy policy on your site.

This rather forced approach to privacy policies can often get sites into serious trouble. Why? They don’t understand the purpose of posting the policy so they often “borrow” [cough] privacy policies from other websites or post some free policy they find online. Inevitably, this leads to a host of problems. Why? A privacy policy is a contract between you and the visitors to the site, and you may be violating it.


The purpose of the privacy policy is to alert users to a set of basic parameters. These parameters include what information you collect and what you do with it. As long as you accurately disclose your practices, you should be okay.

Here Comes Trouble

The problem with privacy policies is most online businesses do not adhere to them. The company will promise not to share user information with anyone while at the same time requiring the buyer to provide credit card information to a third party processor to complete the transaction.  This practice constitutes the sharing of the buyer’s personal information with a third party.

Another common problem that arises is the hemmed in issue. You start a site with the best intentions and promise your users that you will never, ever sell their information. Two years pass and someone approaches you with an offer to buy the site for $500,000. If you sell the site, you are selling the information of your visitors, violating the privacy policy and can be sued. The only way to deal with the problem is to go back and seek permission from your members to share their information with the new buyer. Believe it or not, it happens every day.

Then we move on to a more subtle change that frequently results in lawsuits. Let’s say we take the same scenario with your site mentioned in the previous paragraph. After a few years, you just are not making enough money and decide you want to sell your user information to third party advertisers. Doing so would violate your privacy policy. Can’t you just change it? Only if your users affirmatively agree to the change. As you can imagine, most of them will not be too happy when you tell them you want to sell their information to advertisers.

A privacy policy is something that needs to be put together with a lot of thought. It may seem a simple document for a site, but serious insight needs to be given to it lest you cause yourself a host of problems down the road. If you require assistance with privacy policies, feel free to contact me.

Richard A. Chapo, Esq.