We recommend that any website that is going to allow for, or collect registration information from users (virtually any e-community) follow these guidelines:

• Have a stated privacy policy with a link to it on your home page.
• Require acknowledgement of the privacy policy during registration.
• Do not collect any profile information that would indicate age.
• Allow users to review and change their profile information. 
• Include the ability to opt-out of future communication in all e-mails and newsletters.
• Establish a DMCA agent and display a related notice on your home page.          

Consumer privacy on the Internet has been predominately based on industry self-regulation in the US. The FTC had previously only issued suggested guidelines regarding the collection of personally identified information.  These fair infromation practice principles were outlined in a 1998 congressional report, and reviewed again in a 2000 congressional report. (Click here to see report). The suggested practices are based on a doctrine of informed consent with industry self-regulation.

The Children’s Online Privacy and Protection Act, (COPPA) effective April 2000, defines specific rules for website operators that collect personal information from children under 13 years of age.  Enforcement authority was provided to the FTC (Federal Trade Commission).  The act applies to commercial websites and online services that are either directed toward children under the age of 13, or general audience websites that have actual knowledge they are collecting personal information from children.  

An important law for any website owner or operator to be aware of is the DMCA (Digital Millennium Copyright Act).  This law basically provides website owners and operators with a safe harbor from claims of copyright infringement over their website content. This means you are protected from lawsuits regarding copyright infringements if someone posts protected material on your website. This is a particularly critical issue for websites that allow content from community members, as you don’t know if what you are getting original material or not. It is also applicable for individual bloggers who may inadvertently include copyrighted material and/or images in their content.

The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act, passed in 2003, established national standards for sending commercial e-mails and provided enforcement jurisdiction to the Federal Trade Commission.  The act does not apply to just bulk e-mails but to all e-mail messages.  The bill also exempts “transactional or relationship messages” and permits e-mail marketers to send unsolicited e-mails as long as they adhere to 3 basics types of compliance. 

In the absence of general privacy laws in the US, there have been several industry specific laws passed which may have bearing on websites and Internet activities related to certain applications.  Discussion is beyond the intent of this section, but they are listed for purposes of general information. This list is not inclusive.

HIPPA - Health Care Information Portability and Privacy Act -  Addresses issues related to electronic personal health information data.

Gramm-Leach-Bliley Act -  Addresses privacy related to personal financial information.  

FERPA - Family Educational Rights and Privacy Act -  Addresses privacy related to personal educational records.