* How you collect information from website visitors and customers
* What information you collect from visitors and customers
* What you do with that information, how it is stored, and where it is stored
* How visitors or customers can change or remove their information
* Which other parties you share the information with
The Better Business Bureau has a sample policy which can be found here:
If your website is an e-commerce site, or you allow your clients or customers to pay by credit card, you must also comply with the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply can result in fines of up to $500,000 per incident or cancellation of your merchant card-processing account. All businesses that handle card payments must follow the standard; if you process fewer than 20,000 transactions per year, formally validating (i.e. proving) your compliance is optional, although your acquiring bank can still require it.
The PCI standards require your business to do the following:
* Protect any cardholder data you store.
* Install and maintain a firewall at all times to protect cardholder data.
* Use anti-virus software and keep it updated regularly.
* Change vendor-supplied default passwords and security settings, and use unique system and security passwords.
* Encrypt transmission of cardholder data and other sensitive data across all public networks.
* Restrict employee access to cardholder data to those whose job requires it (need-to-know).
* Track and monitor all access to network resources and cardholder data.
* Maintain an information security policy.