If your Web site collects personal information from visitors, you may need to create and implement an online privacy policy. A privacy policy is particularly important for a Web site which collects personal information from children, or if the company has European customers.

The Web site posting of a privacy policy is a good business practice because it tells visitors how their personal information that is collected will be handled. Studies have shown that consumers are reluctant to transact business via the Internet due to privacy concerns, and that consumers would "rather forego information or products available through the Web than provide" personal information without knowing the site's information practices. In addition, an effective privacy policy may be required by law.

Creating an Online Privacy Policy outlines some of the issues that should be considered in drafting and implementing an online privacy policy.

In October 1998, the European Union's Data Protection Directive took effect. The Directive, which requires European Union (EU) member countries to enact statutes which regulate the processing of personal data within the EU, may have vital trade consequences. This is due to the Directive's Article 25, which requires that personal information may only be transmitted outside the EU to a country which ensures an adequate level of protection for the subject of the data. EU officials have indicated that those countries without legislation or some other formal mechanism protecting the information privacy rights of individuals will not be regarded as ensuring adequate protection.

This article discusses the provisions of the Privacy Directive; the privacy policies of the U.S., Australia, Canada, and Japan; and pronouncements by European Commission officials which may give some guidance as to the EU's position toward the data privacy policies of other countries. The article concludes by urging entities to establish privacy policies which ensure that all personal information will be handled in a manner which protects the privacy of the affected individual.

Our privacy may be lost in cyberspace. A significant amount of personal information is available in online databases and on the Internet which can be searched by others to find information about us. In addition, massive amounts of data are maintained about us in government and private sector databases. This information may be used by long-lost friends hoping to find us, but it is also used by the government, marketers, credit institutions and others in making decisions that affect our lives.

This article discusses 1) how privacy may be invaded electronically; 2) the tools and procedures that are available to help protect individual privacy, including technology-based procedures such as encryption and anonymous servers, as well as measures employed by the information industry; 3) the state of U.S. privacy law; and 4) proposed fair information practices guidelines. Also discussed are workplace e-mail, unsolicited commercial e-mail, cookies, children's online privacy, search engines, and electronic commerce.

Susan Gindin's letter to the Editor of St. Louis Post-Dispatch is posted in full because it presents an overview of the legal issues which have arisen as a result of Internet use in the workplace, and it corrects a misquote of Susan Gindin in the May 9, 1999 issue. The letter was substantially abbreviated by St. Louis Post-Dispatch when published in the Letters to the Editor column.