The majority of websites allow free access of their privacy policies to their website visitors. All personally identifiable details that are gathered should be specified by the privacy page. These personal details include name, credit card number, and address. Also, other details such as uploads, browsing habits, downloads, order history, and cookies should be specified. The policy is meant to explain if data such as cookies will be stored on a user’s personal computer. According to best practices, it’s mandatory for the policy to reveal if data would be sold to or shared with third parties and in a case where it occurs, its purpose should be stated.
The contention between privacy policies being legally binding or not and consistent enforcement have not been agreed upon. In the U.S., the enforcement of industry self-regulation and existing laws are promoted by the Federal Trade Commission (FTC). For the FTC, once money is not lost during a breach, legal actions are not executed as a result of data breaches.
The Data Protection Directive of the European Union has questioned a company such as Google concerning privacy changes which violated the E.U. law. Hence, threatening penalties on the big company.
Seal programs or online certification are instances of industry self-regulation of privacy policies. Usually, seal programs demand fair information practices implemented in which the certification program is the determinant. Continuous compliance monitoring may be required as well. TRUSTe was the first online privacy seal program and by 2007, it comprised over 1,800 members. Trust Guard Privacy Verified program, Webtrust, and eTrust, are other online seal programs.