1. Online privacy is not monitored by the government. The industry has asserted that self regulations are the most efficient and effective means of creating online privacy protection.

2. You should make your information practices available to visitors in a prominent place on you websites home page. The notice about information practices on your website should be easy to find, read and understand so that a visitor is able to comprehend the scope of the notice. The notice should be available prior to or at the time personally identifiable information is collected.*

3. The website contact information should be easily accessible so the visitor knows who is responsible for the site and can contact your organization for service or information.

4. If your organization’s policy changes with respect to the sharing of personally identifiable information with third parties, you need to update your policy and give consumers conspicuous notice and offer an opportunity to opt out.

5. If your organization has a site directed to children under the age of 13 or collects personally identifiable information from visitors known to be under 13 years of age, your website should take the additional steps required to comply with the Children’s Online Privacy Protection Act.

6. Webmasters have 10 days to remove user’s information when they opt-out of a program.

7. Industry guidelines address consumer access to information by providing generally that procedures should be established to ensure accuracy of the information, including allowing consumers access to, and the opportunity to correct, information collected about them.

8. Having an easily visible privacy policy on a website makes visitors feel more secure when using the site.

9. Information retained from visitors can be used for marketing purposes ONLY if they do not opt-out of the program.

10. Having an opt-in is the best way to insure your website is only sending the user information they want to receive.

*If your organization collects personally identifiable information for visitors, your notice should include:

- The nature of the personally identifiable information collected about the individual and the types of uses you will make of such information, including any marketing uses.

- Whether you transfer the collected information to third parties for use by them for their own marketing and the mechanism by which the visitor can exercise choice not to have such information shared.

- Whether personally identifiable information is collected by, used by or transferred to agents as part of the business activities related to the visitor’s actions on the site, including to fulfill orders or to provide information or requested services.

- Whether you use cookies or other passive means of data collection, and whether such data collected are for internal purposes or transfer to third parties.

- What procedures your organization has in place for accountability and enforcement purposes.

- That your organization keeps personally identifiable information secure.

References: www.the-dma.org, www.privacyalliance.org, www.cdt.org