Privacy Policy: Why Your Website Should Have One

by Shaya Silber

At a time when a vast amount of commerce and communication takes place in cyberspace, everyone involved must be conscious of the information that they are sharing about themselves and collecting about others. Disclosing personal information, or using someone else’s information for unauthorized purposes, can have devastating consequences. A privacy policy is one of the most important agreements that any website or business should have.

People have great business and/or web ideas every day. Their first instinct is to contact a web developer and get their project up and running as soon as possible. However, they often overlook some of the risks that are inherent in building and operating a website. A lot of these risks involve a certain level of technical know-how. They do not occur to most people, simply because these concerns evolved relatively recently.

A privacy policy should be easy to access and read. It should outline the company’s approach to the collection and use of private information. Unusual terms or disclosures should be brought to the attention of the user.

Types of Information Collection

Your privacy policy should outline which types of information are being collected, and how much. This can be a little more technical than most would expect. In addition to names, addresses, credit card information and other bits of information that may seem obvious, websites and businesses collect cyber information such as IP addresses, hostnames and other server information. When building a website, you should consult with your programmer to determine what kinds of information you will be collecting. It is important to relay that information to your lawyer to determine whether the scope of information collected is reasonable and legal, and how you might address it in a privacy policy.

How Are You Gathering Information

When building your website or business practices, you should determine how you will gather information. The key distinction here is whether information is provided voluntarily by the user, or whether it’s gathered automatically simply by virtue of visiting a website, for example.

Again, you should discuss information gathering practices with your programmers, web developers and lawyers.

How Are You Managing the Information

Several issues arise where a website stores the personal information of its users. Aside from the obvious security concerns, there are questions of international law that arise as well. It is becoming common practice for a website located in Canada, for example, to have its information stored on one or several servers located internationally. Most foreign jurisdictions have legislation addressing the collection and storage of personal information. This legislation may include requirements to obtain additional consent from users, among other obligations.

Why You Should Have a Privacy Policy

If the information that you collect is mismanaged, it could expose you to significant liability. Liability isn’t limited to damages that may be awarded in court. Oftentimes, the negative publicity generated by the misuse of personal information causes irreparable harm to a company/website’s reputation.

From a practical perspective, a privacy violation opens a company up to liability. Privacy violations may result in a tort action against the violator. Furthermore, it is increasingly common to see complaints lodged with the Privacy Commissioner. The Commissioner does not have the power to award damages. However, in some cases the Commission discusses remedies that may be available at the Federal Court. In most cases, courts are unwilling to award any monetary damages. However, in a recent case, the Federal Court awarded $5,000.00 to an individual who was denied a loan due to incorrect information provided by the credit bureau. This seems to indicate a new approach to privacy law in Canada. It will be interesting to see how future cases apply damages in these circumstances.