Is Your Web site Killing Customer Confidence?

TRUSTe WHITEPAPER
How to Reduce Shopping
Cart Abandonment
Inspiring Trust in your Small Business Web site
55 2nd Street, 2nd FloorSan Francisco, CA 94105415 520 3400 tel415 520 3420 faxprivacyseals@truste.comwww.truste.com
©2009 TRUSTe. All rights reserved.Put yourself in the customer's shoes: when shopping online, what are the things that worry you most? Before you enter your name and email address do you think about spam clogging your inbox? Concerned that the personal information and credit card number you give to a boutique Web site might end up in the wrong hands? Have you ever abandoned a transaction because something just didn't feel right?
If you are like most consumers, you check to see if the site bears the seal of a third-party verification program and if the site has a privacy policy. But do you think about your own Web site's privacy policy?
You should.
Your Web site's privacy policy can be a key factor in a customer's decision to do business with you, and it is vital to ensuring you don't run afoul of your online legal and regulatory responsibilities. Need more reasons? Read on.
Do I Need a Privacy Policy?
There's good reason most Web sites include a link to a privacy policy - they are required by law to have one. Sections 22575 through 22579 of the Business and Professional Code of the State of California outline the conditions and requirements that a business operating a commercial Web site must observe in posting a privacy policy. That portion of the Online Privacy Protection Act of 2003 opens with these words:
An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site...
I know. you are thinking, "But I'm not in California. This law doesn't apply to me." Well, that's the magic of the World Wide Web: it's worldwide, so if your office is in Peoria, Illinois and you operate a commercial Web site, you need to operate as if you have customers in California and comply with California's law.
Also, if you are online and use third party business services, such as Google's AdSense advertising products, you may be required to have a valid privacy policy to participate.
The fact is, a privacy policy is no longer a nice thing to have to illustrate your respect for the customer, it's a must-have. As if all the reasons why you have to post a privacy policy to your Web site aren't enough, let's focus on the benefits to having a privacy policy. And not just any old privacy policy, but a privacy policy that is as unique as your business and that functions as an asset to your online presence, helping to build trust and confidence in your brand.
2 ©2009. TRUSTe. All rights reserved.Privacy Policies and the Smaller Enterprise
In spite of the attention that has been given to privacy failures in recent years, it is clear that smaller businesses either don't understand their obligations or are choosing to ignore the risks. According to a survey commissioned by TRUSTe in March of 2009, 56 percent of small business Web sites have no privacy policy. Of those companies that do have a privacy policy, 35 percent said they cut-and-pasted their privacy policy from another company's web site.
You see, a privacy policy must be a reflection of your business practices, not someone else's. If you cut-and-paste another company's privacy policy, how do you know the conditions and promises that policy makes apply to you? The policy you post, whether copied or an original drafted for your company, is considered a binding agreement between you and your customers. As such your state's attorney general and the Federal Trade Commission take a dim view of any failure to adhere to policies posted on a business Web site.
For instance, if your privacy policy states simply that you don't share personally identifiable information (PII) with third parties, but you take credit card orders, you're already in violation of that policy. After all, someone had to process that transaction on your behalf. And what about the company used to ship purchased products? A name and address are considered PII, and that information had to be shared in order to ensure proper deli... [download for more]