Privacy Policy

Generally speaking, if you collect information about someone when they visit your site, its best to have a privacy policy to let users know exactly what you will (but most importantly what you won’t) do with their information.

Nine times out of ten, the privacy policy will be a generic legal statement that basically says you’re not shopping your users info to third parties. In addition, your site generally won’t have the ability to capture much information at all aside from perhaps a generic cookie, or, if your site has comments and user registration enabled, their username. Other than that, you (and your users) can rest assured that your site (unless specifically built to do so) will not collect much information and that the information it does collect is entirely harmless. A privacy statement simply lets users know this.

Special care must be taken, however, on sites that have any kind of contact form or other user-input form that sends data over the web. These forms are not secure and any personal information sent over them could potentially be intercepted. Therefore we urge clients to use a disclaimer with any such contact forms to remind users not to include sensitive data like account numbers or social security numbers. As a site administrator, you can help mitigate the risks by simply not asking for information that you do not absolutely need when using a contact form.

It’s Me 247

For our credit union clients, an addendum to the generic privacy policy as it relates to It’s Me 247 may also be advisable. Using the following copy (or some variation which contains the same basic information) in your privacy statement is therefore not a bad idea:

It’s Me 247 is an online banking product that has been designed to safeguard your money and privacy by using the latest Internet security technologies. To further ensure security, these protective technologies have been applied in layers to address each phase of the online transaction.

Transmission security is provided by using 128-bit SSL encryption Technology that allows for private, secure communications between your PC and the It’s Me 247 server. Your Internet browser software (MS Internet Explorer or Netscape Navigator) must be equipped to handle 128-bit encryption in order to use home banking. – the strongest currently available – ensuring that only you and the It’s Me 247 online banking systems are able to read the transaction information as it flows across the Internet. Through our use of VeriSign digital certification (www.verisign.com), you also can be assured that you are communicating with the legitimate It’s Me 247 server, and not an imposter.

User account security is furnished through the use of a unique Member Account Number or Username and Password combination known only to you. Without this information, accessing account data and initiating transactions online is impossible.

Access security is provided by a combination of segregated network architecture, hardened server configurations, and redundant firewalls. Our segregated network architecture separates the online banking servers from the systems that contain member data. Consequently, member data may only be exchanged between these systems through the use of a valid member request following verification of member account number/username and password. Internet-based attacks (hackers) are stopped through the use of redundant state-of-the-art firewall technology and hardened server configurations.

To further ensure that It’s Me 247 online banking security measures continue to meet the ever-changing security threats of the Internet, the system is reviewed on an ongoing basis by regulators and expert security consultants, and monitored by network engineers.

WordPress Privacy Policy Plugin

Non-credit union clients for whom the generic privacy policy and the It’s Me 247-related statement are not applicable may opt instead to use a privacy policy generator. As of 2008, Google has required all sites using its AdSense product to have an AdSense-compliant privacy policy displayed on their site. The Privacy Policy Plugin for WordPress does just that. So far, Eric Giguere, the plugin’s author, has been on top of ongoing changes to the AdSense privacy policy requirements and has updated the plugin accordingly. Note that as the AdSense requirements change, you will need to keep your privacy policy plugin up to date. If your SiteControl site is hosted with WESCONet Web Services, you’re all taken care of; we keep plugins and WordPress releases up to date for you.