Pattishall IP Blog

January 7, 2016

New Year’s Resolution — Review and Update Website Privacy Policy and Terms of Use

Filed under: Internet, Privacy — Tags: , , , — Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP @ 10:05 am

Jason Koransky F HRby Jason Koransky, Associate

With the changing of the calendar to 2016, now is a good time to look over your company’s often-neglected website privacy policy and terms of use. Here are 10 areas to focus on in reviewing and updating these important areas of your website.

  1. Disclosure of personal information to third parties. Under California law, California residents can request information about how your company or its subsidiaries provide personally identifiable information (“PII”) to third parties for these third parties’ marketing purposes. Your company’s website should include a notice to California residents that provides them a means to request this information. Further, on January 1, 2016, the Delaware Online Privacy and Protection Act went into effect. One of the provisions in this new law requires a website’s privacy policy to disclose the categories of third parties with which a website operator shares PII about the Delaware-resident users of a website. Accordingly, if your company’s website has any users in Delaware, your company must provide this information in its privacy policy.
  2. Disclose categories of PII collected. To comply with state laws such as those in California and Delaware, as well as to be proactive in communicating privacy issues with visitors to your company’s website, your website privacy policy should disclose all categories of PII that you collect from its users.
  3. Cookies? You should audit the use of cookies on your website, and make sure that your privacy policy properly discloses use of cookies. In addition, you should confirm that the opt-out procedures for cookies are up-to-date and functional.
  4. Limit content geared toward children. The federal Children’s Online Privacy Protection Act generally limits the collection of PII from children under 13. The new Delaware privacy law goes a step further. It prohibits the use, disclosure, or compiling of PII of a child under 18 years old if PII will be used in the marketing or advertising of 17 specific categories of goods and services, such as tobacco, tattoos, tanning facilities, or pornography. If your company’s website is not targeted toward children under 18, the website’s terms of use should expressly state this, and ask anyone under 18 not disclose PII.
  5. Tell users how to access PII. If your company’s website collects PII, the privacy policy should disclose how a user may access, review, and request changes to this PII.
  6. Use easy-to-read, straightforward language. With data security and privacy issues increasingly in the news and of concern to consumers, your website should be proactive in communicating its privacy policy. Making the policy user-friendly is a great place to start. Rather than being in hard-to-decipher legalese, the privacy policy and terms of use should use straightforward language that does not require a lawyer to understand.
  7. Make conspicuous links to the privacy policy and terms of use. The new Delaware privacy law requires that the link to your website privacy policy must be clear and conspicuous.
  8. Remove references to the E.U.–U.S. Safe Harbor Framework. In October 2015, the European Court of Justice declared that the Safe Harbor provision that allowed for the transfer of consumers’ personal information from the E.U. to the U.S. was invalid. Your website’s privacy policy, however, may still have references to this framework, such as stating your company’s compliance with it. Even though a new agreement may be negotiated, with the framework invalidated, references to it should be removed.
  9. Is your DMCA agent contact information correct? If your company’s website qualifies as an Internet Service Provider under the DMCA, it needs to have contact information for the DMCA agent to whom someone would submit a copyright infringement claim notification. You should confirm that this information is accurate.
  10. Are all e-mail, telephone numbers, and mailing addresses correct? Finally, your privacy policy and terms of use should provide website users a way to communicate with you about issues that may exist, either via e-mail, phone, or mail. Confirm that contact information is accurate, that your company actually monitors the e-mail addresses set forth on the site, and responds to inquiries that users may communicate to you.

*     *     *

Jason Koransky is an associate with Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP, a leading intellectual property law firm based in Chicago, Illinois. Pattishall McAuliffe represents both plaintiffs and defendants in trademark, copyright, trade secret and unfair competition trials and appeals, and advises its clients on a broad range of domestic and international intellectual property matters, including brand protection, Internet, and e-commerce issues. Jason’s practice focuses on trademark, trade dress, copyright, data security and privacy, and false advertising litigation domestic and international trademark prosecution and counseling, and privacy issues. He is co-author of the book Band Law for Bands, published by the Chicago-based Lawyers for the Creative Arts.

For a printer friendly version, click here.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: