These Four steps can help you successfully evaluate your company’s privacy statement:
First, find out if your company’s marketing strategy includes advertising based on consumer information collected through cookies or other tracking technology. Even if this type of advertising is not part of current plans, your company’s website still may have third-party tracking activities occurring on it, and these activities must be disclosed in the privacy statement as of January 1, 2014.
Third, find out when and how the privacy statement is or was presented to users who provide personal information through the company website(s) and/or mobile application(s). Is the privacy statement presented as a persistent link in the footer of each webpage? Are users required to agree to the privacy statement? If not, consider implementing a mechanism that requires users to do so before providing their personal information.
Finally, if your privacy statement needs to be updated, make sure you notify all consumers in advance and ensure that the changes you propose are reasonable. Unreasonable and overbroad changes made after the fact can cause reputational harm. Instagram learned this at the end of 2012 when it tried to change its terms of service so that users’ photos could be used “in connection with paid or sponsored content or promotions, without any compensation to [the user].” After a hail of consumer complaints, Instagram withdrew the revised terms and publicized new, more reasonable ones