Although there’s no specific federal statute governing the establishment of privacy policies, a number of states have implemented statutory and/or regulatory approaches to the gathering, use and dissemination of personally identifiable information. Moreover, the FTC has pursued action against website operators for unauthorized use of personally identifiable information about their site’s users.
WHAT IS PERSONALLY IDENTIFIABLE INFORMATION?
Personally identifiable information is data collected online about a particular site visitor, user, customer, etc., and frequently includes that person’s name, address, email address, phone number, social security number, and other information that allows either online or direct physical contact with the user.
It should also be noted that when a site serves children, the site operator must obtain verified parental consent for the collection and use of a child’s information (required under the Federal Children’s Online Privacy Protection Act)