I have been trying to learn my way around blogs. In searching for other privacy-related blogs I have seen many blogs that don't know what they are talking about. Too many were talking about the new Claifornia legislation that requires websites to have privacy policies if they collect any personal information from California residents.
There were many complaints about how this law has California reaching outside of its borders. While I am not a fan of local and state Internet-related laws, until Capitol Hill begins to move on issues like these, states may feel they have to act to protect their own residents.
California isn't reaching outside of its borders. it is regulating others than reach within its borders. State consumer laws have always reglated sales to their residents, from any location. Catalogue sales, phone sales and mail-order sales are models of how this has always worked. This new law is no different.
And, frankly, it's a good idea in any event.
Efforts to require them have, largely, failed.
Tell people what you are collecting and how.
Tell them how it is being used. (shared? if so, with whom?)
Can they access it to confirm it's accuracy or to see what the site has already (most sites don't have mechanisms for this)
Do they have a choice (other than by electing not to use the site?)
What's the choice.
think about any spyware or tracking technologies. think about banner ads or other third-party marketing and data collection that might be occurring at the site. If you have e-commerce, are you using outside vendors to ship, fulfillment operations outsourced?
it's that simple.
A few simple tricks can also make sure that you are better protected when the unthinkable or unexpected happens. What if the company is sold? or merged into another? or unhappily, if the company goes belly-up and assets are sold in bankruptcy? what about your promise never to share this information or transfer this information to others. In each case, these are "others."