Do I need a privacy policy?

Q. Does my store need a privacy policy? If so, what should it include?

A. The Dykema law firm developed privacy policies for MRA’s merchant processing business and its website. Jason Hanselman at Dykema’s Lansing office provides this overview.

In response to concerns about identity theft, privacy statements are legally mandated for certain businesses, such as financial institutions.

Other businesses may develop privacy policies to protect customer information and to avoid the public relations repercussions of inadvertently disclosing customers’ personal information. Customers want and may expect to know how a business will use their personal information.

A good privacy policy accurately explains what information is collected about the consumer, with whom it is shared, how it is used, how it is protected and the consumer’s right to “opt out”—decline to share the information.

Moreover, a business that adopts a privacy policy should implement it and ensure that employees understand and comply with the policy’s requirements.

It may be tempting to simply find an existing privacy policy and adopt it as your own. However, juries are awarding large sums—in one case, $4.5 million—in legal settlements against websites that did this without reviewing the policy for accuracy or without implementing its mandates.

Each business owner should consult with a lawyer to determine whether a privacy policy is advisable and, if so, what information should be included. The key is to adopt a privacy policy that accurately reflects your business’ use of information and complies with any applicable statutory requirements.