ALP: How can our company that does business nationwide best comply with the myriad of federal and state privacy laws?

July, 2004

The sheer number and variety of federal and state privacy laws and regulations that have been enacted in recent years can make privacy compliance an enormous challenge. Some of the laws are industry-specific, while others have broader application. The best way to address this challenge is to draft a privacy policy that complies with the most stringent legal requirements applicable to your company. This approach avoids the need to draft a policy that incorporates state variations among the legal requirements. For example, some states require the policy be drafted for a ninth-grade reading level. Other states require that companies use "opt-in" privacy policies, so that the company must obtain the customer’s affirmative consent to share personal information.

Although other states where the company operates may have less strict requirements, incorporating the most stringent provisions into the company’s policy has the added benefit of communicating to your customers that the privacy of their personal information is important. Studies have shown that the adult online population places great importance on a company’s privacy policy in choosing whether to do business with that company. Crafting a privacy policy that meets the most stringent requirements eliminates compliance confusion and tells your customers that you respect their privacy concerns. And remember, it’s not enough to say what you’ll do – you must do what you say.