7 reasons the FTC could audit your privacy program

21.08.2012

If your company operates a child-oriented website, fully complying with COPPA is the only way to reduce the risk of a million-dollar fine.

Facebook this year experienced the FTC's years-long watch over the efficacy of online privacy policies. The company had been regularly updating its privacy policy in ways that the FTC deemed confusing to users. The FTC also took issue with Facebook not defaulting to the most privacy-friendly setting. As part of the settlement with the FTC, Facebook has to conduct semiannual privacy audits for the next two decades.

Two product companies incurred the largest fines in this area. The FTC found that LifeLock and ControlScan misrepresented the level of privacy and security protection their products offered, penalizing them $12 million and $950,000, respectively, including equitable relief. Others, such as Sears and Metro Home Mortgage, found themselves at the short end of the stick with the commission after making promises in their privacy policy that they weren't keeping.

What are the best ways to reduce the risk of an audit of your privacy policy? The most important measure is to keep your inventory of personal data up to date so that you can ensure that you say what you do and do what you say. If you need to change your privacy policy in ways that are privacy-unfriendly, do it in a very transparent way that gives your consumers plenty of notice and time. And if you're a product company, complete a privacy-impact assessment before launching your product.