I've always been a stickler for advising my clients to comply with applicable laws regarding the posting, maintenance, and amendment of their privacy policies and related regulations regarding data security. The reason... because there's substantial exposure to liability if you don't.Recently, however, I've been advising clients to do these things for another reason -- to improve their conversion rates. That's right!I'll let you in on a little secret that I've learned from some of the big players on the Web... you might be surprised to learn that they believe their privacy policies are a significant factor in improving their conversion rates.How can this be?A Little HistoryWay back in the 2000-01 time frame, trite little phrases like "we respect your privacy" were the norm. The Federal Trade Commission (FTC) had provided guidelines for privacy policies, but there was no federal statute mandating that websites post a privacy policy.Things really began to change in 2003 when California enacted the California Online Privacy Protection Act of 2003 (OPPA) which became effective on July 1, 2004. OPPA is the first state law in the nation to require owners of commercial websites or online services to post a privacy policy.Although OPPA is only a California state law, it has essentially become a de facto federal law. This is because OPPA's reach extends beyond California's borders to require any person or company in the United States (and conceivably the world) that operates a website that collects personally identifiable information from California consumers to post a conspicuous privacy policy on its webite that makes the required disclosures.After OPPA, the collection of personally identifiable information from a California resident triggers the application of its privacy policy regulations. So, if you collect only an email address of a website visitor from California, OPPA applies... and you enter into a realm of of significant regulation and exposure to liability.Post-OPPA Privacy PoliciesPrior to OPPA, most online customers trusted and believed in the typical "we respect your privacy"-type statements. Affer OPPA, not any more!The effect of OPPA was widespread and fairly uniform. Online ecommerce companies either modified their privacy policies to comply with OPPA, or they jumped on the OPPA bandwagon and posted a new OPPA-compliant privacy policy.These OPPA-compliant policies are fairly easy to identify because they require you to describe:* how you collect information (for passive information, describe how you use certain methods as cookies, Internet tags or web beacons, and navigational data collection);* the categories of information you collect (for example, for personal information - email address, name, physical address, etc. and for passive information - a detailed description of the categories of information collected through such methods as cookies, Internet tags or web beacons, and navigational data collection);* how you use the information;* how you share the information and for what purposes you share; and* how users may modify and update their personal information.ConclusionSince OPPA-compliant privacy policies are easy to spot, knowledgeable online shoppers can quickly determine if a website is OPPA-compliant. And If your privacy policy doesn't measure up, knowledgeable customers may not have the requisite level of trust to convert -- especially if you're a smaller player on the Web and not a household name.Think about it... marketers tell you that little things count in terms of building the level of trust and credibility that fosters higher conversions. Things like:* posting security certifications,* posting relevant affiliations,* posting testimonials, and* offering a money-back guarantee.I believe that posting a privacy policy that is clearly OPPA-compliant, is at least as important in terms of building trust and credibility as those items listed above. And some of the big players on the Web agree.