Concerns about online privacy are much in the news. Businesses, consumer advocates and governments debate what online privacy means, and what practices should be adopted by web site operators to address privacy concerns. It is an issue for all web site operators, not just the likes of Google and Facebook.
What does the individual web site owner need to know, and do?
At the federal level, the Children’s Online Privacy Protection Act of 1998 sets forth rules for collecting personal information by web sites directed at children. Financial institutions are subject to separate requirements under the Graham-Leach-Bliley Act, discussed here.
Compliance is complicated not only by the fragmented legal landscape, but also by the fact that new legislation is proposed every year.
Online privacy remains very much an evolving concept, and the debate over standards likely will continue for years to come. In March of 2012, the Federal Trade Commission issued a comprehensive report, entitled Protecting Consumer Privacy in an Era of Rapid Change, which offers a good overview of the state of the law, varying business and consumer perspectives on the question, and the different approaches under consideration. The FTC web site, http://www.ftc.gov/, contains additional guidance. Some of the practices referenced in this Report, while not now legally required, may emerge with time as “best practices.”