Where do you start? Begin with carefully writing the policy. It should include:
- a description of the type of information you collect
- how you collect it
- whether or not you store that information
- exactly what it is used for, and
- whether or not it will be made available to any third parties.
If you accept credit cards or mailing information used to send merchandise, you cannot say you “don’t share this information with any third party.” In order to process the credit cards or send items through the mail, you do have to share it with the post office and credit card processor. Even the user’s ISP can see the information being collected while in “transit” to the website’s server. Because of this, it is nearly impossible to have a situation where information collected from a user is not made available to any third party.