As the explosion of social networking sites shows no sign of slowing down, online privacy policies are becoming more and more of an issue. Everyone from middle school students to 89-year-old grandmothers are using sites like Facebook--and online games of the Farmville variety are played by tens of thousands. Facebook and Farmville in particular have come under fire recently for privacy breaches; the Wall Street Journal reported Monday that personal information from people who use third-party Facebook applications is getting released to Internet databases.
As a reaction to the growing problem, the Federal Trade Commission has created the Red Flag Rule, which will require many businesses and organizations to implement an Identity Theft Prevention Program. The FTC hopes that the rules will make the warning signs of identity theft more transparent to people at risk.
The Better Business Bureau has released the following tips for people involved in businesses that may unwittingly collect personal information:
Ask yourself what information you collect. Outline all personal information that you collect from customers.
Ask yourself how you collect the information. Websites collect information from customers in a variety of ways. Even if your business doesn't sell anything over the Web, an e-mail sign-up for a newsletter, an application online for credit or installing cookies onto the visitor's computer to track their activities could all put that customer at risk for a privacy invasion. Always disclose with your customer how data is collected at your company.
Explain to customers how your company shares their information with third-parties, such as when orders are processed.
Customers need a way to control their personal data. Provide reliable contact information so that customers can change their password, take their name off a company mailing list or any other means of information management that customers have at your company.
Explain how you protect your customer's data. This could be anything from limiting employee access to sensitive customer data to server security.