GRAND RAPIDS ? When a new business engages a consultant to design, develop, and launch its Web site, the most important issue is whether the Web site will attract the number of eyes that the new business needs. However, after the implementation of new laws by several states, the oft unnoticed privacy policy notices are increasingly important. Small business can ill afford significant lawsuits or regulatory action alleging violations of privacy protection laws.

A business must consider the potential impact of privacy laws from numerous states since the business may actively be soliciting customers or viewers in those states. It may also simply attract viewers from those states. There are a few basic rules a Web site owner and its designer must follow to avoid violating these new laws, particularly the California Online Privacy Protection Act of 2003 (the ?OPPA?), effective July 1, 2004.

Under the OPPA, California requires those collecting personally identifiable information from California residents through a Web site to post a privacy policy. This information includes a name, address, e-mail address, or telephone number. Until this point, a privacy policy has been seen as an honest attempt by the Web site operator to disclose to viewers relevant information about the Web site. Now, failure to conspicuously post a policy may subject the owner to liability and regulatory action.

There are some tips the entrepreneur should follow to minimize potential violations of privacy protection laws.

Tip 1: If you promise to securely keep personal data gathered online, you must effectively protect the information. The Federal Trade Commission has charged and settled with companies for failing to implement procedures to test the reliability of the privacy protection procedures promised on the Web site.

Tip 2: Sharing information through banner ads or joint marketing programs may unintentionally expose holes in your privacy procedures. Financial institutions have become accustomed to requiring customers to sign acknowledgments permitting sharing of information among a family of companies. A Web site accomplishes the same process by properly disclosing in a privacy policy the intentional breaches of that privacy by sharing information with third parties. The Web site owner should carefully ensure that it knows the complete trail of all information it gathers from the Web site.

Tip 3: The privacy policy should apply only to information collected from a Web site. The site owner must carefully draft a policy that does not incorrectly refer to all information gathered, stored or maintained by the business.

Tip 4: Your Web site should practice what it promises in the privacy policy. As Web sites experience rapid change and development during the initial stages of a business, the owner may fail to update the privacy policy to reflect changes in information gathering from the Web site. Or it may not add disclosures concerning sharing of information with third parties. The inconsistency between the policy and the actual practice may quickly lead to regulatory claims against the company. Each business host sponsoring a Web site should identify one individual responsible for ensuring that the practices on the Web site remain consistent with the privacy policy. This person should have a specific procedure for demonstrating that the company monitored compliance between policy and practice.

Although a mediocre Web site may not constitute the most important part of a business plan for an entrepreneur, a Web site violating new privacy protection laws may unfortunately create unexpected liabilities for the business. Careful consultation with knowledgeable professionals may help avoid these problems.

>This column was written by Jeff Van Winkle of Law, Weathers & Richardson, P.C.,

333 Bridge Street NW, Suite 800, Grand Rapids, MI 49504. Phone (616) 732-1744; email: [email protected]. Web site: www.lwr.com

.