Why your website needs a Privacy Policy.
Most countries around the world, and a growing number of US states, now have privacy and data protection laws in place to protect website users and customers online. You'd be hard pressed to find a website that doesn't need some sort of privacy policy. Most small businesses collect personal data and have to abide by these laws, which means that you, as a small business owner, most likely have to comply with them.
What is personal data?
Personal data includes things like names, addresses, locations, online identifying information (such as email addresses and handles), and more. It includes any information that can directly or indirectly identify an individual, including identifiers assigned to individuals such as credit card and telephone numbers. It also includes information that can be tracked automatically through analytics and cookies, like IP addresses.
What are some activities that lead to the collection of personal data?
The types of information you collect on your website usually depend on the purpose of your website and your industry. Some examples of things you do, offer, or provide on your website that indicate you really NEED a privacy policy include any of the following:
- collect emails (such as form submissions for email lists);
- offer sign-ups for notifications;
- allow user comments, posting, or any type of contribution;
- offer purchase of physical or digital goods or services, free or paid, through your website; and
- automatically collect any information about who visits the website (hint, hint: cookies, beacons, and analytics).
The privacy laws that apply to you and your business depend on where the user of your website is located, not where you're publishing information or where your business is based. This means that if the user of your website is based in California, then California privacy laws apply; if the user is in the EU, the GDPR will apply.
There are financial penalties for non-compliance with privacy laws. These penalties generally depend on the location where the violation took place. For instance, under California's privacy laws, you could be fined up to $2,500 for EACH violation, meaning that EACH website user could be considered a violation, which can add up real quick! In the EU, fines are imposed proportionally, so some of the larger fines (for large international companies) have been in the multi-millions of dollars. And most jurisdictions with strict privacy laws are also strict about enforcing them.
Even companies like Google have run into problems with privacy regulations. So as a business owner with a website, you most likely should have a good privacy policy: one that not only protects you and your users, but one that you actually follow and know covers your bases.
What should a privacy policy cover?
Privacy policies should use clear and explicit language so your users understand what information you're collecting and how you use it. A good privacy policy should cover, at a minimum:
- What type of data you are collecting;
- What you are doing with that data;
- Whether you use any tracking, such as cookies or analytics;
- How long, and how, you store any information collected;
- What safeguards are in place to protect the data;
- How users can access their personal information and/or ask for corrections or deletions;
- How users are notified of changes to the privacy policy; and
- Whether any information is disclosed to third parties.
A good privacy policy should reflect what your actual policies are.
A key component of a good privacy policy is not only defining what information you collect and how you use it, but also how you protect that information. You need to be sure you actually follow your privacy policy, especially as it applies to protecting the information.
You can also add some protections for yourself. We all know that nothing in the digital world is 100% un-hackable. So you can add a layer of protection for your business within your privacy policy by stating that it's impossible to completely guarantee that user data will be immune from malicious attack or compromise, and that users should understand that transmitting their personal data is always at their own risk. This won't absolve you of liability, but it does show that you have put your users on notice of this risk.
Where should you have your privacy policy posted?
You should have your privacy policy published on your website; it can be included in your footer or alongside links to any other legal copy on your website. You should also make sure that, beyond having the privacy policy on your website, you link to it anywhere you are collecting personal data. Email list sign-ups and forms: link your privacy policy. Offering a digital product, free or paid: link your privacy policy. Offering digital signatures for signing your contracts for services: link that privacy policy! I'm sure you've seen this before, all those notices like "by entering your information, you are agreeing to our privacy policy". This is an important part of complying with privacy laws.
Fun fact: most web hosting platforms have plugins you can install on your website that ask the user for consent to use their information, and most of them allow you to hyperlink your privacy policy too!
Yes, global privacy laws are expansive and convoluted, but to protect your business and your users, it's important to have a good privacy policy in place!