Email Privacy Practices

Privacy considerations

If you are using any of the email list message tracking methods, it is good practice to inform your subscribers you are tracking this information. You can notify them on your web site through your (organization's) privacy policy statement.

SEE BBBonline SAMPLE PRIVACY STATEMENT

Note: Keep in mind that including this information in your privacy policy statement is not only good practice, but also a legal requirement in many countries.

FTC Principles

The core principles of a privacy policy are as follows :

1. Notice/Awareness:  Your list subscribers should be given notice of your business information practices before any personal information is collected from them.  This requires that you explicitly notify your list subscribers of the following:

  •     identification of your business entity collecting the data;
  •     identification of the uses of the data;
  •     identification of any potential recipients of the data;
  •     the nature of the data collected and the means by which it is collected;
  •     whether the providing of the requested data is voluntary or required;
  •     list the steps taken by you to ensure the confidentiality, integrity and quality of the subscribers data.

FURTHER READING: FTC CAN-SPAM ACT

2. Choice/Consent:  Choice and consent in an online information-gathering sense means giving subscribers options to control how their data is used.  Specifically, choice relates to secondary uses of information beyond your immediate need  for users to complete the subscription. The two typical types of choice models are 'opt-in' or 'opt-out.'  The 'opt-in' method requires that subscriber affirmatively gives permission for their information to be used for other purposes; without the subscriber taking these affirmative steps in an 'opt-in' system,  you assume that the information cannot be used for any other purpose. The 'opt-out' method requires subscribers to affirmatively decline permission for other uses;  without the subscriber taking these affirmative steps in an 'opt-out' system, you assume that you can use the subscribers information for other purposes.  Each of these systems can be designed to allow individual subscribers to tailor the information you use to fit his or her preferences by checking boxes to grant or deny permission for specific purposes rather than using a simple "all or nothing" method.

SOLVED: Orlando List Wizard provides in the email template an "Unsubscribe" link so your subscribers may 'opt-out'.  When new users subscribe, a confirmation email is sent and tracked so your subscribers may 'opt-in'.  If you have multiple lists, the subscriber can select a specific list by checking a box.

3. Access/Participation:  Access as defined in the Fair Information Practice Principles includes not only a consumer's ability to view the data collected, but also to verify and contest its accuracy.

SOLVED: The Orlando List Wizard provides in your email template a "Preferences" link to enable your subscribers to check and edit their information data.  (Add/Delete)

4. Integrity/Security:  You will need to ensure that the data you collect is accurate and secure.   You can keep your list secure by protecting against both internal and external security threats. You as a business owner can limit access within your company to only necessary employees to protect against internal threats.

SOLVED: Orlando List Wizard can use encryption, user authentication and other computer-based security systems to stop inside or outside threats. Basic server security comes with your system.  For an extra fee Orlando List Wizard can recommend and  implement other security options.

5. Enforcement/Redress:  In order to ensure that companies follow the Fair Information Practice Principles, there must be enforcement measures.

The FTC identified three types of enforcement measures:

  1. Self-Regulation by the information collectors (YOU)  or an appointed regulatory body (See below)
  2. Private Remedies that give civil causes of action for individuals whose information has been misused to sue violators;
  3. Government Enforcement, which can include civil and criminal penalties levied by the government.

Orlando List Wizard Recommends Using Online Privacy Certification Programs

Online Certification or "Seal" programs are an example of industry self-regulation of privacy policies.  Seal programs usually require implementation fair information practices as determined by the certification program and may require continued compliance monitoring. TRUSTe,the first online privacy seal program.  Other online seal programs include the Trust Guard Privacy Verified program,  TRUSTe, and Webtrust.