Privacy Policies on Consumer Web Sites


An Educational Service of the American Library Association

Office for Information Technology Policy


Prepared by Leslie Harris & Associates in conjunction with OITP staff


In an online environment where personally identifiable information is collected routinely, librarians could assume the important task of alerting patrons about the quantity and type of information a commercial web site collects and how that information is used.  One way librarians can help patrons safeguard their privacy is by educating them about commercial web site privacy policies and privacy certification programs. 


A privacy policy is a statement that explains what personally identifiable information a particular web site collects, how it uses that information, with whom the web site shares the information, and whether and how users can exercise control over their personal information.  It is helpful for librarians to understand how privacy policies work and how to locate them in order to help their patrons as they surf the web. 


In general, each page of a commercial web site should have a link, usually at the bottom of a page, to the web site's privacy policy.  Unfortunately, not all web sites comply with this practice, and privacy policies often may be difficult to locate.  In addition to, or in lieu of, privacy policies, some web sites will provide the user with a notice immediately prior to collecting personally identifiable information.   


Not all privacy policies are equal.  Some privacy policies fail to adequately identify the types of information collected from a user, whether the web site uses cookies, how the company will use the personally identifiable information that it collects, the affiliated and third party companies with whom the company will share the information, or provide the user with ways to correct the information collected, or object to particular uses of their personally identifiable information.  A good commercial web site privacy policy should answer the following questions:


+    What is the information being collected?

+    Why is it necessary to collect this information?

+    How is the information being collected?

+    Does the user have a choice regarding the type and quantity of personal information that the web site collects?

+    How is the information used once it is collected?

+    Is the information shared with third parties?

+    Does the user have the right to object to secondary uses of the information?

+    How long is the personal information stored?

+    Can users access the information that has been collected about them and correct any inaccurate data?

+    What is the complaint and redress process?

+    Is the web site subject to any federal laws and regulations?

+    Is the web site subject to any state privacy laws?


Because there are no uniform requirements for web sites with respect to privacy policies, it is up to Internet users to vigilantly protect their rights and limit disclosure of personally identifiable information to those web sites that fail to adequately inform users about how the information is used and shared.  There are several organizations, particularly TRUSTe and the Better Business Bureau Online, that provide certifications or seals to web sites who have satisfied program requirements and may be deemed "trustworthy" with respect to privacy practices.  While these programs cannot guarantee how personally identifiable information is used, these programs can help a user determine whether his or her personally identifiable information will be used in an ethical manner and in accordance with the web site's privacy policy.


Further information:




Better Business Bureau Online:



Copyright 2002, American Library Association, Office for

Information Technology Policy




This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.