‘Do unto others how you’d want them to do unto you’

You may be a small business, but chances are you collect some form of PII. Even small businesses are accountable for the safety of user PII, and thereby must take adequate measures to protect it. Lead Microsoft.com editor Monte Enbysk gathered TRUSTe’s insight to help develop 6 privacy tips for small businesses:

1. Take inventory of the personal information you collect and store.

2. Analyze how safely you use and store this data.

3. Make sure you’re complying with industry or federal laws.

4. Post a privacy policy that is clear and comprehensive.

5. Have your policy reviewed by an attorney or by a privacy seal program.

6. If you have employees, make sure their personal information is protected too.

According to Enbysk , you should seek the expert opinion of a privacy service like TRUSTe who can help ensure the accuracy and validity of your privacy statement. Not only may a third-party privacy authority ensure your privacy statement and practices are up to par, but a seal from TRUSTe can benefit your brand.

“The Web privacy seal is one of [TRUSTe’s] most popular products,” says TRUSTe’s VP of Communications, Carolyn Hodge. A privacy seal may be most beneficial to small e-tailers with little or no name recognition outside their hometown or region.

Competitive Litigation on Privacy Policy Violations

Everybody knows about how the pesky little privacy policy on your website can land you in hot water with the FTC. Under the FTC Act, deceptive and unfair practices against consumers can get you a 20 year relationship with the FTC and a hefty fine. For the most part though, the resources of the FTC are such that they can’t go after every company that violates its privacy policy. Also, its really for individuals to pursue cases as most of us don’t have big litigation war chests to sue companies that violate our privacy.

All that has now changed. The bright folks over at Perkins Coie have figured out that deception isn’t bad for just consumers. The Lanham Act (usually associated with anti-trust actions) also allows for competing companies to sue their competitors for unfair and deceptive trade practices. In the case CollegeNET, Inc. v. XAP Corporation, Perkins Coie obtained a $4.5 Million judgment for CollegeNET because XAP’s practices violated its privacy policy. The reasoning is that if deceiving consumers to use your service harms the consumer, it also harms competitors.

Now, those with the money have the incentive to go after companies that don’t follow their privacy policies. One more reason to have monitoring and compliance services to make sure you are following your privacy policy.

– Posted by John Tomaszewski, VP Legal, Policy and Compliance