a Privacy policy is

A privacy policy is a document telling visitors to your site what information you collect and what you do with that information.  Very simply: it is a short explanation of what you are doing to observe visitors to your website.

Information to include in a Cookie Specific Privacy Policy:

1. What cookies are
2. What info is collected
3. What is done with the information
4. How to reject / delete / accept cookies
5. Explain there are no harmful technical consequences/risks

Two good reasons to develop a privacy policy

1. Create a better electronic environment on the internet
2. Laws / legislation may pertain to your business

By letting people know what info is collected and what is done with that information, you can create a transparent environment in which people / consumers are more confident. You can eliminate stress and concerns about abuse of personal info.

Various legislations and legal guidelines, for example in the US and in the UK, are being developed and may affect your website, depending on what information you collect, how you do it, and what you do with it. The European Union has developed similar guidelines that contain a bit too much legal rhetoric to be completely useful.
See resource list below for reference websites.

Formatting an Online Privacy Policy

Your policy should be written in plain readable language. Consider the policy to be a part of your site. Design the policy and publish it like the rest of your site. Design it as if you actually want people to read it. Make it short, friendly & intuitive. It should be easily accessible throughout your site.

A Sample Privacy Policy

www.mysite.com uses www.opentracker.net to collect visitor data and analyze traffic on our site. This information helps us understand customer interests and helps us improve our website. When you visit our site, the pages that you look at, and a short text file called a cookie, are downloaded to your computer. A cookie is used to store small amounts of information. This information is collected for traffic analysis only. The cookie does not contain personal details. Depending on the browser that you use, you can set your preferences to block/ refuse cookies, and/ or notify you before they are placed. Opentracker does not sell, give, or trade the statistics they store to any 3rd parties for data-mining or marketing purposes. Please visit www.opentracker.net for their privacy policy.

Designing your privacy policy

Tell your visitors why tracking cookies are good, why the information is beneficial, that it is used to improve websites and their content. Give an example. If you are collecting information, tell them what you do with that information. Give people an opportunity not to have their info collected, for example by blocking cookies. Explain how people can block cookies. Also explain that cookies are not harmful and cannot introduce viruses or extract personal contact information.

Why all the fuss?

There is an important distinction to be made here between cookies and spyware. Spyware collects information about your surfing habits across the internet and sends this information out from your computer. Cookies collect information about your surfing habits only on the site of the provider of the cookie, in other words just on one site.

From our research it appears that most people are concerned that their personal information may be passed on. In this case, there is an important distinction to make between Two Types of Information which are collected:

1. Personally identifiable info/ personal contact info
2. Clickstream/ navigation info

Specific to concerns about cookies, the information being collected does not contain personally identifiable information. Clickstreams are used to see if people return to the same sites, and identify patterns. 

When databases are combined, for example a membership & login base, with a clickstream tracking system, it is possible to combine personal information, such as an email address, with clickstreams. This is where the main cause for concern seems to lie.

The companies that do this; with the resources to combine clickstreams, past purchases, and personal information, are household names, such as amazon.com, ebay, bbc, yahoo, etc.

Further Reading

We also recommend taking a look at the privacy policy of a company or website that you like or respect to see what information they consider to be important.

Here is a privacy policy generator where you can also find information about legislation in the US (specific to California):

http://www.the-dma.org/privacy/creating.shtml

Legislation in the UK:

http://www.aboutcookies.org/howtocomply.asp

Obviously there is a very real concern for a lot of people that their privacy is being abused. We would like to respond to these concerns, primarily through education, but also by opening up a dialogue on any related questions or ideas. Please feel free to write us, or post feedback on our forum.