Privacy Policies

If you have a Web site or advertise on the Internet, you should read this. It will help you cement your relationship with customers and reassure visitors. It may save you tremendous expense and aggravation in the long run.

The government wants businesses to adhere to privacy policies designed to give consumers greater say in the use of their personal information. Currently, the focus is on the largest business sites, but soon regulators will turn their attention to the thousands of small agencies, advertisers, media and small businesses that populate the Internet. In other words, AAF members.

If you don't have a privacy policy now, you will need one. But don't grimace -- we've done most of the hard work for you.

We have developed simplified policies for several types of businesses, including agencies, media companies, local ad clubs and ad feds, consumer product companies, retailers, and service providers. These policies are streamlined versions of guidelines AAF has developed with other members of the Online Privacy Alliance.

These sample policies may not match your needs exactly, but they do provide a good template for you to modify. We suggest you contact us at 1-800-999-2231, or have your lawyer review the policy before posting.

We cannot stress enough the importance of adopting a policy, not only for the reputation of your business but also for advertising in general. Privacy is a lightning rod for consumers. They do not differentiate among the types of information collected online such as demographic information, financial data or even medical information. Instead, given the anonymity of this medium, they are understandably nervous about the collection and use of any type of personal information.

Even if you don't collect information on your site, consumers won't know this unless it's posted as part of your privacy policy. Doing so will help raise consumers' comfort level and increase opportunities for advertising and marketing online.

But simply posting the policy is not enough. Once you have a policy in place, be sure each and every one of your employees knows and follows it.

If you need help or have questions, don't hesitate to contact us. Clark Rector in our Government Affairs office will be happy to help. You may reach him at 1-800-999-2231, or

Please be aware that these guidelines apply only to sites directed at adults. Congress already has passed a law pertaining to sites that are directed at children. The enclosed alert details the specifics of this new law. If you operate a site, or portion of a site, that is directed at children, you should pay special attention to the section on children's privacy online.

Guidelines for Online Privacy Policies

  1. An organization's privacy policy must be easy to find, read, and understand. Your home page is the best place to post it. Many sites provide a link to the policy on every page. At the very least, the policy should be posted on every page where information is collected.
  2. It must be available at or before the time that information is collected or requested.
  3. The policy must state clearly:
    • what information is being collected;
    • how the information will be used;
    • who is collecting the information
    • if the information will be distributed to another party;
    • with whom that information will be shared;
    • what information will be shared;
    • how your company protects the security of this information;
    • how your company ensures the data is as accurate as possible;
    • how consumers can access their information;
    • options for individuals who want to restrict the information collection; and
    • how your company will enforce this policy, including whom to contact if consumers have any questions.
  4. Individuals must be allowed to decide whether you can use their information.
    • If the information may be used for purposes other than that for which it was originally collected, individuals should have the opportunity to refuse the use of their information;
    • If the information is distributed to third parties for unrelated use, individuals should have the opportunity to refuse to have their information distributed.
  5. Individuals must be assured their data is secure.
    • Your company should take reasonable steps to assure collected information is accurate.
    • Your company should take reasonable steps to protect information from loss, misuse or alteration.
    • Your company should take reasonable steps to insure that any third party to whom you transfer the information is aware of your privacy and security policies and has similar policies in place.
  6. Your company must take steps to insure that information is accurate.
    • Your company should have a way to identify inaccurate information, such as reasonable consumer access to information or protections against accidental or unauthorized alteration.
    • Your company should have a way to correct inaccurate information.
You may adapt our sample privacy policies to meet your needs, and you may want to combine provisions from different policies into one policy that works for your business. Please note that these policies are examples only. We strongly urge you to have your policy reviewed by competent legal counsel.

Finally, we stress again the importance of insuring all your employees know and follow your privacy policy. Law enforcement agencies consider these policies to be promises to the consumer. Therefore, if you post a policy, but do not follow it, you may be subject to legal action.


Children's Privacy Online
In the waning days of 1998, Congress passed and President Clinton signed legislation designed to protect children's privacy online. This legislation requires that commercial operators of Web sites directed at children abide by rules to limit the gathering of information from children. Certain limitations apply if the Web site collects: In such cases the Web site operator must: The Web site must establish and maintain reasonable procedures to insure the confidentiality, security, accuracy and integrity of personal information collected from children. A Web site "directed to children" means a Web site that: An Online Seal of Approval
One more way to earn the online trust of customers and consumers is to apply for a privacy seal. It is awarded to those businesses that meet the highest standards for the treatment of personal information in cyberspace.

Several organizations now offer these seals, but the one with perhaps the highest consumer recognition is sponsored by the Better Business Bureau. BBBOnLine is accepting applications from businesses that agree to abide by its policies. The policies require you to meet a core set of principles and offer consumers a mechanism for resolving disputes.

In the future, consumer sentiment may make such seals all but mandatory for businesses engaged in e-commerce or advertising. By applying for a seal now, you can demonstrate your leadership and sensitivity to an issue of great public concern. AAF strongly urges you to consider it.

Information about the BBBOnline criteria or for businesses that wish to apply can be found at BBBOnline's privacy Web page or by calling their office at (703) 247-3667.

Privacy Policies
Below are links to our sample privacy policies. You may need to mix and match to develop a policy that's right you. And, as always, if you have any questions, contact us at 1-800-999-2231, or send an email to

Advertising Agency
Media Company
Online Shopping
Consumer Products Company
Communications Company
Travel Agency

AAF thanks Ketchum Directory Advertising, The Washington Post Company,, Sears, Roebuck & Company, Procter & Gamble Company, AT&T and Preview Travel for their assistance with this project. Each of these companies has generously allowed us to offer its policy as a template for you to use in formulating a privacy policy for your company.