The importance of fully disclosing (and abiding by) your company’s privacy policies was underscored last month when the U.S. Federal Trade Commission issued a consent order barring Epic Media Group, LLC, an online advertising company, from engaging in “history sniffing” -- a tracking technology which allows online operators to “sniff” a browser to detect websites that consumers have visited in the past.

In its privacy policy, Epic claimed that it would collect information only about consumers’ visits to websites within its own advertising network. However, according to the FTC, Epic in fact used history sniffing technology to collect data about customers’ visits to sites outside its network, including sites relating to the users’ personal health conditions and finances. The FTC complaint described how Epic set cookies on the Internet browsers of consumers who visited its sites and then tracked the customers’ web surfing outside Epic’s own network, including which sites they visited and which advertisements they viewed (presumably to use the information to facilitate behaviorally-targeted ads). The Order requires Epic to permanently delete and destroy all data collected from its history sniffing and bars Epic from misrepresenting its privacy policies, including the extent to which user data is collected, used, disclosed, or shared, and whether a software code on a web page determines if the consumer has previously visited a website.