E-retailers need to make sure vendors, and their own employees, respect privacy policies.

E-retailers may open themselves up to complaints or lawsuits if their privacy policies don’t keep pace with their actions, said Kurt Olender, founder of privacy and security consultancy Acentris, during a presentation at the Internet Retailer Conference & Exhibition 2011 in San Diego.

Co-presenter Aaron Mandelbaum, web marketing manager for e-retailer Big M Inc., said that with e-commerce in a state of near constant change, it can be difficult to make sure that consumer data is protected when shared with vendors. “When your company engages with vendors, you will have to make sure that their practices are in line with yours,” he said.

The job doesn’t necessarily become easier with time. The pair presented a generic privacy policy created in 2005 and compared it with one that encompasses how data are collected and used today, highlighting how the 2005 document barely reflects current data-collection practices. “These are not static documents,” Olender says. “Your policy has to evolve as your business evolves.”

The presenters urged e-retailers to make sure they and their vendors are following their privacy protection plans. Mandelbaum said that any time Big M evaluates a vendor that will have access to customer data, the retailer makes sure the vendor’s privacy policy is in line with Big M’s.