siteGuardian - Internet Privacy VerificationsiteGuardian Business Information
Business Menu

Free Quote
How to Join
Membership Rates
Privacy Resources
Licensee Login
FAQs
siteGuardian Membership Requirements
Before you can display our Privacy Seal we must first approve your Application and Privacy Policy. We have outlined four simple steps to help guide you through this process:

Step 1: Submit Application to siteGuardian
Step 2: Perform a Site Review
Step 3: Create your Privacy Statement
Step 4: Generate Required Links

Step 1: Submit Application
Our automated service can provide a no-obligation online quoteation right now. It only takes a few minutes to determine your fees and responsibilities. Click here to get started.

Step 2: Site Review
Before you can create a Privacy Policy it is important to know exactly what your website is doing. Our Review Guidelines are designed to point out the major privacy concerns. It's the same guide our consultants will use when auditing your site. You are welcome to take our suggestions, but the final copy should be run past your legal department. We cannot assume liability for the legal details of your document.
Should you feel uncomfortable with the process, our staff is available for consultation at a nominal fee*.
The review is divided into ten steps:
  • Make a list of EVERY web page that has a field for user input
  • Determine if cookies are used and log their function(s)
  • Examine your online advertising policies
  • Where is personal information stored
  • Create an Anti-Spam message
  • For E-commerce applications, who handles your credit-card authorization
  • How do visitors access their personal information
  • What methods are in place for mailing opt-in/opt-out
  • Who is responsible for fielding privacy issues
  • How can people contact you
Make a list of ALL pages that collect information
To begin, create a list of all pages on your site that collects any type of user input. Don't worry about links as we'll cover those later.
A few examples are: search box, guest book, shopping cart, or any type of form.
Determine exactly what information is collected, to whom (if anyone) this information is shared, and if it is stored.
Place your results in a grid similar to figure #1.

Cookie Usage
Does your site use cookies? They are small files stored on the PC of each visitor. Websites will use cookies to store statistical information relating to the visitor such as the last page they viewed, date of last website visit, user name, site preferences, shopping cart, etc. When the visitor returns, dynamic HTML can read the cookie and personalize the site or record statistics.
Cookies can be temporary (just for the browser session), or for a specified period of time. Your webpage will set this "self-destruct date" automatically.
You'll probably have to work with your Web Master to determine the extent of cookie usage. Once discovered, add each cookie to your results grid (see figure #1). Each entry should include the element, type (cookie), data collected, reason for collecting it, and self-destruct date (in days).

Examine Advertising
Does your site host advertising banners, buttons, or text for other companies? It is generally a good idea to create a disclaimer for information that is beyond your control.
Take a good look at your own advertising medium. Does any of your banners, buttons, or text (forms) collect data? If so, treat it just like a page that collects information. Create a results grid for your advertising and list them similarly as a webpage.

Data Storage
Examine your result grids. Outside of cookies, which should already be listed, define the actual storage source. Create a grid similar to figure #2 which should provide a high-level view of your data map.
It is not necessary to map every record type, just those that relate to personal information. People do not need to know the types of lookups that might be needed to perform a specific task unless that lookup requires information they have provided to you.
Outline the record (or group) that each field belongs to, reason for storing the data, and the duration it is stored.

Create an Anti-Spam Message
It is against our policy for member sites to participate in spamming - the "art" of sending hundreds and thousands of unsolicitated email messages.
However, is completely legal - and ethical - to send targeted bulk mail. One example might be a mailing to all auto dealers in your area. We provide an example (see figure #3) of the required fields for targeted mailings.
Your customers will be more likely to provide their email address if they know you will not abuse it. An anti-spam message generally states that you will not use collected email addresses for any purpose without first consulting the owner.
You may prepare a statement of your own, or use ours.

Get to know your Merchant
Online businesses that accept credit cards must do so with a merchant account. It is critical that the collection of credit card information is performed through a secure server. Customers should be aware of these security measures. It is beyond the scope of our service to provide you with this type of information, but your merchant should have plenty of disclaimer data which you can use in compiling your Privacy Policy.

Users must be able to update their information
Check your results grid(s) and determine if every stored piece of information is accessable by the user who created it. They must be able to modify or remove personal information.
Most sites use either a web-based form to update/remove, or email.
Forms are generally automated and permit direct access to personal information. Visitors can see what has been collected, then have the option to modify or remove it.
Email can also be used to automatically or manually update information.
Whenever you change your Privacy Policy, site visitors MUST be notified by sending a message to their e-mail address. Further, they should have sufficient time (1-2 weeks) to modify their personal information BEFORE your new policy goes into effect.

Email Management
Simply stated, customers MUST be able to remove themselves from your mailing list. Approximately 80% of privacy-related complaints are made against websites that fail to control their mailing list.
Depending on the size of your list and frequency of mailings it might be necessary to utilize an automated opt-in/out server. Our member page contains several of the most popular programs.
However, many companies have little or no difficulties managing their lists manually.
Regardless of the method, you must place a disclaimer on every bulk emailing. Each disclaimer must have at least the following:
  • Subject line MUST contain ADV: as first four characters if the email is sent targeted bulk-mail. This is required by law in almost every state and many countries. Targeted bulk-mail is the ONLY form of unsolicitated mail acceptable by siteGuardian.
  • Body MUST contain at least a contact name and telephone number. We suggest supplying a name, business address, telephone number, and an email link to support. This is also required by law when sending targeted bulk-mail, but it is a good practice to use whenever sending bulk email.
  • Closing tag MUST contain an opt-out clause with simple instructions. Recipients who no longer wish to receive future mailings should be able to click on a link and never hear from you again.
It is critical that your mailing lists are maintained regularly. Make sure anyone who wants out is promptly removed.
We have provided several examples (see figure #3) that you may freely copy.

Identify your Support Staff
Who is responsible for fielding questions from your website? It may be a single person or an entire group. There could be a tiered (level) approach to problem resolution, or the buck might stop with you. Regardless, your Privacy Statement needs to identify HOW the resolution process works.
It is our policy to allow the site owners thirty (30) days to resolve a Privacy Complaint. Disclosing who (or what group) handles privacy diputes will make a significant step towards resolution.

Give them your digits
The final piece of an acceptable Privacy Statment will contain contact information. Using the information collected about your support staff, create a list of names, addresses, phone numbers, and email addresses that can be seen by your website visitors.






figure #1: Data Results - use a separate table for each page
Webpage:homepage
Collection Element:Type:Data CollectedPurposeStorage
search fieldtext inputsearch queriessend to google search engineNone
email fieldtext inputemail addressOption to add visitor to our mailing listDatabase
computed datecookiecurrent dateUsed with our stats software to count unique visitors.30 days

figure #2: Data Map
Database Type:DB/2 connected internally via ODBC
Record:Field:Reason for keeping:Duration:
usernameneeded for login purposesuntil removed by user
passwordneeded for login purposessame
emailused to send password if forgot by user and for periodic mailings to our subscriberssame
Opt-outdetermines if the user does not want to receive our periodic mailingssame
webstatIP Addressused to identify unique usersone year
dateTimerecords the time each unique user accessed our siteone year

figure #3: Email Disclaimers
Example #1: targeted email with a manual process for list removal

Subject: ADV: Car polishing service

Dear auto dealer:

Statistics show that a polished car has a 50% better chance of selling quicker and for more money than non-polished cars. We have reasonable rates and flexible schedules. For more information, please visit our webpage at www.weregonnapolishyourcartoday.com or contact us at your convinence.

Sincerely,
Mr. Waxsmoothly
Chief of Waxing
SpitShine, Incorporated

Phone: (555) 555-1212
Fax: (555) 555-1212
Email: support@weregonnapolishyourcartoday.com


DISCLAIMER:
This message was targeted to local auto dealerships. If it has reached you in error, please accept our apology. As law dictates, further transmissions may be stopped at no cost to you by sending a reply to this email address with the word "remove" in the subject line or by calling our toll-free number.

Example #2: mailing to customers who left their address on your website

Subject: Today's HOT Tip

Armor Airlines (NASQ: ARMAIR):
Company will announce a 30% increase in sales for the last quarter. Analysts believe the stock should rise between three and five points in the next several days. Armor closed yesterday at 11 3/4, up one fifth.


DISCLIAMER:
This message was sent unsolicited to members of our Hot Tip Stockwatch organization. If you'd no longer like to receive our daily tips, then simply click HERE


* Fees for staff consultation or investigation are billed at twenty dollars per half-hour. Our consultation service is available to individuals or companies that request assistance. It is purely optional.
Go to Top


2001 siteGuardian. All Rights Reserved