Keeping it Legal – Privacy Policy & PCI Compliance

One of the most overlooked aspects of a website is its legal documentation, such as the Privacy Policy and Terms of Use. This article is designed to help you put together these documents so that you stay in compliance with federal and state law as well as with the best practices of Google and other search engines.

Privacy Policy

The Privacy Policy is extremely important. It states in writing how you collect, handle and use the information you receive from customers and from visitors to your website. Having one is a condition of many services your site probably relies on (Google's analytics and advertising terms, for example, require a posted privacy policy), and its absence is a trust signal that can work against you. It is also a legal matter: the Federal Trade Commission (FTC) treats a published policy you do not follow as a deceptive practice under Section 5 of the FTC Act, the Children's Online Privacy Protection Act (COPPA) requires a policy on any site directed at children under 13, and California's Online Privacy Protection Act requires one on any commercial site that collects personal information from California residents, which in practice covers most online businesses in the United States. Your privacy policy needs to include the following elements:

* How you collect information from visitors to your website and from customers
* What information you collect from visitors and customers
* What you do with that information, how it is stored and where it is stored
* How visitors and customers can review, change or remove their information
* Which other parties you share information with, and why

The Better Business Bureau has a sample policy which can be found here: http://www.bbbonline.org/Privacy/sample_privacy.asp

PCI Standards

If your website is an e-commerce site, or you otherwise let clients or customers pay by credit card, you must also comply with the Payment Card Industry Data Security Standard (PCI DSS; see http://www.pcicomplianceguide.org/ ). PCI DSS is not a statute; it is a contractual obligation you accept under your merchant agreement, and the card brands enforce it through your acquiring bank. Failure to comply can result in fines (figures up to $500,000 per incident are commonly cited) or cancellation of your merchant credit card processing account, and after a breach you can also be held liable for fraud losses and the cost of reissuing cards. Every merchant must comply, but how you validate (i.e. prove) compliance depends on your transaction volume. Merchants processing fewer than 20,000 e-commerce transactions a year fall into the lowest tier (Level 4), which typically means an annual Self-Assessment Questionnaire (SAQ) and, where your setup requires it, quarterly external vulnerability scans by an Approved Scanning Vendor; the exact validation requirements are set by your acquirer, so ask them rather than assuming validation is optional. The single most effective way to shrink this burden is to never touch card data yourself: use a PCI-compliant payment processor's hosted payment page or tokenization so that full card numbers never reach your servers.

PCI DSS has twelve requirements, which boil down to the following:

* Install and maintain a firewall configuration to protect cardholder data.
* Do not use vendor-supplied defaults for passwords and other security settings.
* Protect any cardholder data you store, and never store sensitive authentication data (full magnetic-stripe or chip data, the CVV2/CVC2 code, or the PIN) after authorization; mask the card number wherever it is displayed.
* Encrypt transmission of cardholder data and other sensitive data across open, public networks.
* Use anti-virus software on commonly affected systems and keep it updated.
* Develop and maintain secure systems and applications, including timely patching.
* Restrict access to cardholder data to employees whose job requires it.
* Give every user a unique ID and authenticate all access.
* Restrict physical access to cardholder data.
* Track and monitor all access to network resources and cardholder data.
* Regularly test security systems and processes.
* Maintain an information security policy that addresses all personnel.