To build customer confidence, there's nothing better than a boldly exhibited privacy statement.

Another must when building your Web site is writing a privacy policy and posting it boldly on your site--it's a necessity today for building consumer confidence.
A good policy includes a description of how data is collected and used; a way to allow users to choose not to provide data or permit their data to be shared; and a description of the procedure for users who want to request or update data. You can also follow fair-information practices laid out by the FTC. And remember: Once a privacy policy is posted on your Web site, you'd better adhere to it, or you can expect to find yourself in legal trouble.

A good privacy policy should cover questions anybody visiting your site might have. Tell people what's being gathered, by whom and for what purpose. Visitors should also be told their options for participating in your information-gathering. Your privacy policy will need to address the following:

Reveal what personally identifiable information is being collected through your Web site, including that which is automatically collected when users log on. For instance, you may want to state that your business collects information on visitors' Internet addresses and browser types to help with site maintenance.

Identify the particular business collecting the information. So include your company name and contact information (which you should have prominently posted anyway).

Tell your visitors how the information will be used. Is it for shipping and billing purposes? Do you share the information with anyone else? Inform visitors about choices they have concerning the collection, use and sharing of that information. If visitors must register and provide information, allow them to opt not to receive newsletters or other e-mail.

Describe security procedures used to protect visitor data from loss, misuse or alteration, including your secure server and encryption methods.

Let them know how they can view the information you have collected on them and correct any inaccuracies.
Be ready to adapt standards to your business and your customers. Privacy is obviously a bigger concern with certain kinds of companies, such as financial-services providers.

You can download a fill-in-the-blank privacy statement at Truste.com, a nonprofit organization in San Francisco, or apply for a privacy seal, as we explain below.

Online Seal Programs
Think of online seal programs as a Better Business Bureau for the Web. It works like this: If a business follows certain privacy rules, it's allowed to display a seal of approval on its Web site. Customers logging on to your site will feel more confident buying your wares; the seal offers proof that your business takes privacy seriously and uses the information collected in a responsible way.

Two leading privacy-seal programs are TRUSTe (Trusted Universal Standards in Electronic Transactions), based in Cupertino, California, and BBBOnLine, a subsidiary of the Council of Better Business Bureaus (BBB) in Arlington, Virginia. To include either of these programs' privacy seals on its Web site, a company must agree to post a privacy statement that's easily accessed and understood; further, the business must implement privacy principles that reflect fair-information practices.

The TRUSTe seal is awarded only to those sites that adhere to TRUSTe's privacy principles and comply with TRUSTe's verification and consumer-resolution processes. The rules state that participating companies must inform customers of what kind of personal information is collected, how it's used and with whom the information will be shared, as well as the site's policy on correcting and updating the visitors' information. Additionally, companies must give users the opportunity to opt out of having their personal information given away (or sold). TRUSTe's program costs $499 for a company with yearly sales less than $500,000 and the price increases as a company's sales increase.

Similarly, the BBBOnLine privacy program is also designed to assure consumers that their information will be safe in your particular corner of cyberspace, and its requirements are similar to TRUSTe's. BBBOnLine's privacy seal is backed by the Better Business Bureau; to participate, a company must be a member of the BBB. All applicants pay an annual assessment evaluation fee based on the company's sales. Don't expect anything too exorbitant: For companies with total sales of $1 million or less, membership in the program costs $200. You can also apply for a Kid's Privacy Seal, which was developed to help businesses comply with the Children's Online Privacy Protection Act.

The Direct Marketing Association (DMA), a trade group in New York City, has an online guide to help entrepreneurs develop a privacy-policy statement. The guide encourages companies to complete a questionnaire and create a privacy-policy statement consistent with the association's Privacy Principles for Online Marketing, which are similar to the seal programs' principles mentioned above.