As MediaPost reports, AOL's recent changes to its privacy policy highlight how important it is for small-business owners to inform their customers about changes to their data collection, advertising, and other policies.
When AOL altered its data collection procedures, one of the company's subsidiaries, Gravity, had to inform its users that they could no longer file "do-not-track" requests.
What is a do-not-track request? When users visit a website, the website can track the user’s activity and send this data to other websites (or use it to customize their advertising). Gravity is a service that personalizes advertisements based on a user's preferences and browsing history.
When AOL took over Gravity, it changed its policies and no longer allows users to opt out of tracking. Now, any time users access AOL or Gravity, their activity can be monitored and used to customize the ads they receive.
While many users might not even notice the change, AOL had to disclose it. As an IT consultant, web app developer, or other tech professional, you might find yourself in a similar situation. Let's take a look at when and why you need to inform customers about changes to advertising and privacy policies.
What You Need to Know about Privacy Policies
When writing a privacy policy (for your business or your clients), you need to err on the side of caution. Always make sure you disclose everything you do with a user's data. If you overlook something (like sending user data to third-party applications), you could be sued.
So what do you need to include in a privacy policy? Usually, a company discloses…
- How it collects data.
- How long data is stored.
- What it uses data for.
- What policies users can opt out of.
- How to opt out.
- What third parties have access to user data.
That's a tall order, but it's vital that you clearly outline your data collection policies for your customers. (If you're writing a policy and want to see an example, see our sample privacy policy for IT companies.)
Why You Need to Inform Customers about Changes to Your Privacy Policy
Remember all those emails from banks and other online services alerting you that their privacy policy has been updated? While those emails might be annoying, they're necessary for companies that are looking to protect their liability.
A privacy policy is an agreement or contract between you and your users. If you take, store, or sell user data in a different way than originally agreed to, you'll need to change the terms of the contract and inform the customer.
While AOL and Gravity are receiving some bad press for no longer allowing users to file do-not-track requests, these companies are fulfilling their legal obligations by informing users about changes to their privacy policy.
It's a good reminder: even if you're worried customers might not like how you use their data, you have to inform them if you want to avoid a lawsuit. (For more information on covering tech lawsuits, read more about Errors and Omissions Insurance.)
Discussing Privacy Policies with Clients
Whether you're a web developer, app maker, or IT consultant, you might need to discuss a client's privacy policy as you work on various parts of their web presence.
Say you've just set up a new SaaS service that will manage a client's online sales data. The client might have to update their privacy policy. Now that customer sales data is being stored / hosted by a cloud-based third party SaaS, the client is sharing this data with another company. The privacy policy will have to reflect this change.
Clients likely don't realize the third-party liability they have, so make sure you discuss these data privacy issues before you install new web solutions. They want to know what they're getting into beforehand and may need to budget extra money to have a lawyer review their privacy policy.
