Privacy Policy: “If you don’t have one, get one!”

As privacy laws and data protection change globally, it has become more important than ever to make sure your website is equipped with a privacy policy.

As Woody from Toy Story would say:

“If you don’t have one, GET ONE!!”

What Is a Privacy Policy?

It is a legal document that specifies what personal data your website collects from your website visitors, what your company does with the data and how you keep the data safe. This document should be easily visible and accessible on your website and it must contain the word “privacy” (these are required for CalOPPA, the California Online Privacy Protection Act). In some cases, a privacy policy is mandatory by law. In all cases, it is good protection for your company and those who visit your website. What information your website collects will determine the specific language your privacy policy should include. While privacy protection regulations have been in existence for a long time, they have not been vigorously enforced. With the recent introduction of GDPR, the enforcement of such policies may result in penalties and fines for your company.

Compliance is fairly easy, as most attorneys have a basic privacy policy template they can provide to clients, or there are many online services that will generate a policy for a fee. These are just a couple:

What should be included in your privacy policy?

The specific language to include in your privacy policy will depend on the kind of information collected and the third-party tools your website uses.

However, here is a list of general information to be included:

  • The type of information you will be collecting (Name, email address, IP address, phone number, mailing address, etc.)
  • Your business name and contact information
  • How you collect information from your visitors and what it will be used for
  • Whether they can opt out of sharing information and how they contact you to do so
  • If you utilize third-party services to collect, process and/or store information (example: email marketing services, advertising services or loyalty/rewards programs)

If you are unsure, consult a legal advisor to be confident you have all your bases covered.

What is GDPR?

GDPR, or the General Data Protection Regulation, is a European privacy law. It was recently updated to strengthen data privacy and protection for site visitors within the EU, both citizens and non-citizens, and covers the transfer of EU personal data outside of the EU. The GDPR became enforceable on May 25, 2018. This is why you have probably noticed many sites sending emails or posting alerts to let you know their privacy policy has been updated.

As with the privacy policy, the GDPR requires site owners to be transparent about what data is collected and how it is used and/or shared. It also allows site visitors to have more control over the collection and sharing of their personal data and presents a big change in data protection for both EU-based and non-EU-based businesses that collect personal data from EU citizens.

While laws and regulations may feel limiting and cumbersome, the overall goal is the protection and proper use of private consumer data. They will vary in different areas and for different business types, but one thing remains the same: if you own a business that operates a website, you likely need a Privacy Policy that complies with the laws of the jurisdictions where your website users live.

**This blog is intended for informational purposes only and is not intended as legal advice.