Visit just about any website these days, and it seems you are hit with GDPR notices, cookie warnings, and privacy policies. Does your website need a privacy policy? If you’re collecting any kind of data on your website, then yes, you most likely need one. However, a lot of small businesses may not know what a privacy policy actually is. That’s why in this post, we’re breaking down the answer to “what is a privacy policy,” and explaining why you need one. Let’s dive in. Details What is the Purpose of a Privacy Policy.
What is a Privacy Policy?
A Privacy Policy is a legal document that tells your website visitors what data you collect on your website, and what you do with that data. Privacy policies can also include visitor information like:
- Why you are collecting data
- How long you store the data you collect
- Where you are storing the data
- How you are collecting the data (i.e. via cookies, forms, analytics)
- The ways you plan to keep the data safe
- Any third-party services you’re using to collect, process, or store that information (such as an email newsletter service, or advertising network)
- Whether or not the information being collected is optional and how users can opt-out
What types of data would a company collect?
- Names
- Email addresses
- Location
- Phone numbers
- Birthdates
- Credit and Debit Card Information
- Addresses
- Sites visited or frequented and more
Do I Need a Website Privacy Policy?
Legally speaking, it depends. According to the Snell & Wilmer Cybersecurity and Data Privacy Law Blog, “There is no general federal or state law that requires a company to have a privacy policy in all circumstances.”
That is not to say that there aren’t laws about privacy policies in some parts of the world, however. For example, some countries and states require them if you’re doing business with the residents of those areas. Because of this, not having a privacy policy could cause liability and legal issues if you choose to do business in those specific regions.
Having a privacy policy is also recommended for e-commerce businesses that handle sensitive data like credit card information. Not only should you ensure you are meeting PCI DSS compliance standards, but including a privacy policy that clearly outlines these standards enhances customer trust and loyalty knowing transactions on your website are secure from hackers.
Below are a few examples of privacy policies:
- EU General Data Protection Regulation, better known as GDPR – This is the most popular example of new privacy regulations business owners are facing online right now. It currently applies to companies doing business in the European Union, but variants of the policy are making their way into the United States as well.
- Children’s Online Privacy Protection Act (COPPA) United States
- California Online Privacy Protection Act United States
- Privacy Shield United States
- Australia’s Privacy Principles (APPs)
- Personal Information Protection and Electronic Documents Act (PIPEDA) Canada
In addition to avoiding legal complications, having a privacy policy is a great way to increase trust and credibility with your visitors. The main reason for this is transparency. Consumers prefer to work with companies that are transparent.
Think about it. If you thought a company was hiding something, would you trust that your transactions were secure? Perhaps not. Would you believe that purchased goods were of the best quality? Not necessarily.
The truth is, it’s unlikely that you would want to do business with a company if you didn’t trust them.
Privacy policies are just one of many factors in the transparency of a company. It’s a key reason why it’s so important that you have one, even if they aren’t yet legally required where you do business.
Once you decide to create a privacy policy, however, you might start wondering what to include in yours.
What to Include In Your Company’s Privacy Policy
We’ve already addressed some of what should be included in your company’s website privacy policy above. Still, there are some additional things to consider when preparing yours. At a minimum, your privacy policy should:
- Use easy to understand language that doesn’t require a law degree to read
- Be published on a page of your website that can be referenced later, instead of just a single pop-up that disappears after a visitor clicks away from it
- Include your business name and contact details as well as any other business names you might be known under (i.e. LLCs, DBAs)
- Include information about third parties that may have access to the data you collect (i.e. Google Analytics, and Amazon Associates)
- Be reviewed regularly for any updates if necessary
- Allow your consumers to have an option to opt-out of data collection
Finally, your website privacy policy should be reviewed by an attorney before it gets published. This way you can ensure you haven’t left out any important information, and you’re better protected legally.
While navigating the waters of privacy can be tricky, these few tips can go a long way in helping your business build the reputation, trust, and longevity your customers expect. Wherever in the world you’re doing business, remember that it’s always a good idea to keep your ear to the ground for changes in policies that could affect your company online.
