BrightWave's Simms Jenkins shares 10 things that will make sure your privacy policy keeps you out of hot water.

Online privacy policies are something most marketing managers disdain or, even worse, overlook. But they are crucial on many fronts. Just like buying a house, the paperwork piles up and one wants to move on to the more exciting part of the transaction. But a website without a privacy policy is a dangerous thing to build.

Even if your website has a privacy policy, does it cover key things related to your email communications? Many websites do not contain privacy information related to this key component of their customer and prospect communications.

This is a dangerous line to walk if you want to ensure your company is in line with best practices for email and privacy issues.

Some key things to consider when creating or evaluating your privacy policy and email marketing programs:

1. Cover your bases legally -- With CAN-SPAM and the new strict (and controversial) laws in Michigan and Utah, it is better to be safe than sorry. You should state point blank that you are CAN-SPAM compliant. Clearly explain how to unsubscribe and the difference between promotional and transactional emails.
2. Don't water your privacy policy down with too much legalese. Of course, it is a challenge for any marketer to get a legal team to do, but it is imperative that your privacy policy be clear to any grandmother or internet novice. There is no sense in making it confusing when you are trying to accomplish transparency with your privacy policy. If it doesn't make sense at first glace, you are asking for trouble.
3. Deal head on with phishing and other email scams -- especially, if your company is a major brand or potential phishing target, it is best to address this in your privacy policy and potentially have a separate section for consumers to review so that they can make sure their privacy is safe in your hands. The potential fallout on this is having your recipients stop opening or responding to your emails because they are unsure whether or not the emails are legitimate.
4. Address The Children's Online Privacy Protection Act (COPPA). This act requires the consent of a parent or guardian for the collection of personally identifiable information from children under 13. A proactive stance deals with this sensitive subject as well.
5. Talk about links to other sites -- many email communications, especially newsletters, link to sites other than their own. You should address proactively that if users click a link to another site, then your privacy policy does not govern the other sites. This may seem like common sense, but it's important to state it clearly.
6. Include how you treat your data. This could relate to vendors who manage customers' email list or manage campaigns. Since most companies, if not all, use reporting metrics to analyze their campaigns, you should disclose this.
7. Link to neutral and trusted third parties. Include a link to the FTC, Better Business Bureaus or TRUSTe site for further information, especially if you are accredited with any of them. The privacy policy works both ways -- to protect yourself and your users. By including third party information, it can provide a mirror to demonstrate that you are in line with your industry and generally accepted business practices.
8. Provide contact information for privacy policy issues or complaints. Make sure customers feel that you are there for them. An email address and/or phone number should be available on your site. If nothing else, this lets visitors know this is not just boilerplate language but a resource for their benefit, in addition to the company's.
9. Have your legal and marketing teams review your policy at least twice a year. Your company would also be well advised to hire an outside firm to bring a set of unfamiliar eyes to find holes in your policy.
10. Plan for the worst. Have a contingency plan in effect in the event of any accusations of privacy policy breaches. While hopefully this will never be implemented, it always pays to have emergency-related plans lined up in advance. And, in my book, a customer accusing you of privacy policy violations is an emergency, whether it is an accurate claim or not.

In one client engagement, our team at BrightWave Marketing evaluated a major industry's privacy policies. We were shocked to see how many major companies failed to include many of the basics, including an easy-to-find and read privacy policy.

Many companies failed to even touch on email marketing privacy issues despite the fact that they all use email as a major customer channel. 

The goal here is not to panic or scare your boss. Instead, the goal is better to assess these items and reflect on how your privacy policy should be edited to incorporate your email marketing efforts. Since so much time, effort and resources is put into your messaging and branding, why not offer the same attention to this decidedly unsexy part of your online presence?

You will be thankful when you do and can move on to the more exciting parts.

G. Simms Jenkins is Founder and Principal of BrightWave Marketing, an Atlanta-based email marketing and customer relationship services firm. He has extensive relationship marketing experience on both the client and agency side. Jenkins has led BrightWave Marketing in establishing a large client list, including marquee clients like GMAC Insurance, CoreNet Global and The Atlanta Journal - Constitution. BrightWave Marketing has become a leader in the Email Marketing outsourcing space by using their expertise in strategy, design, list management, segmenting, delivery and analysis. Jenkins has been recognized by many media outlets as an Email Marketing and CAN-SPAM expert. Prior to BrightWave Marketing, Jenkins was Director of Business Development at two high-tech start-ups and headed the CRM group at Cox Interactive Media, a unit of media giant Cox Enterprises.