Part I of this post addressed the content that appears on your company website – both content you create or that was created for you and content generated by users of your website. Today, we will look at the various technologies for collecting information from users – often without their knowledge or explicit consent – and the rules governing the use and protection of that information.
- Does your website track visitors’ activities through “cookies” or “web beacons”?
Cookies and web beacons are simply text files or software code which track users’ activities while on a website. Websites often use information from cookies and web beacons to personalize advertisements shown to a web visitor. For example, most search engines place a tracking cookie on your computer relating to searches you perform. That is why you might see advertisements relating to your past searches as you browse the internet.
Trackers such as cookies and web beacons are not currently subject to government regulation, though a coalition of website operators has created a self-regulatory regime which asks companies to implement privacy protections on their own initiative.
- Does your website gather personal information about individual website users?
- Do you have a plan to deal with unauthorized disclosures of personal information or other types of “data breaches”?
Regulations in several states also require that a website which receives personal information from website visitors have a comprehensive security program and a security system covering its computers. Similarly, most states require website owners to provide notice to consumers for any “data breach” resulting in unauthorized disclosure of personal information.
- Do you send emails to website visitors?
The federal CAN-SPAM Act establishes rules for commercial email messages. The Act prohibits false or misleading header information or deceptive subject lines and requires that the email discloses that the message is an advertisement. The Act also must indicate the physical address of the sender and must include a clear and conspicuous explanation of how to opt-out of future commercial emails.
Protecting personal privacy on the Internet is a growing area of concern for legislators and regulators. As businesses increase the use of their website to communicate and interact with their customers, they need to ensure that they comply with all of various federal and state laws governing the protection and use of that information.