Do I really need a Privacy Policy?
In short, if you have a business website, you need a privacy policy. It’s the law.
A privacy policy is a page on your website that details what information you collect from your users, how you use it, and how you keep it private.
The California Consumer Privacy Act, known as CalOPPA, requires website owners to display a privacy policy with a clear, easy-to-find link to it on their website. While the law has been in effect for quite some time, it has recently been strengthened.
While the California law is the strongest, other states have enacted or may soon enact their own laws. It is up to you, the website owner, to stay informed of changes to these laws.
If your site does not yet have a privacy policy page, now is the time to make one.
But my website is not in California?
All websites that could have California users should comply with this law.
If you have a website, it is collecting information about its users. All websites collect anonymous information about site visitors – what device and browser is used, what pages are viewed, general location of the user; that’s just how web servers work.
If your site is selling or has a contact form, you are also collecting personal information such as name, contact info, and purchase history.
Benefits of a Privacy Policy
Displaying a privacy policy can help give customers greater confidence in your website or service, especially now as consumers are increasingly concerned about improper use of data and protecting their personal privacy online.
How do I comply?
Fortunately, it is very easy to comply. First you need to develop your privacy policy.
For many businesses that do business only in the US, a basic boilerplate policy will do. The Better Business Bureau has a sample privacy policy on their site you can use as a starting point. There are a number of sites with online privacy policy generators, free or fee. Your web developer may also be able to help you put your privacy policy together. Or you may want to consult your attorney.
What should I include in my privacy policy?
The exact required contents of your privacy policy depend on your business and what information you collect.
Your privacy policy should be written in easy-to-understand English with the word ‘privacy’ in the title.
Your privacy policy must include:
- The KINDS of information gathered by the website. This includes personal information and statistical information.
- The PURPOSE of data collection and how it could be used such as for marketing or statistical analysis.
- How the information is STORED.
- How this information will or could be SHARED with other parties such as Google Analytics.
- How a user can OPT OUT or have their personal information removed.
- A NON-DISCRIMINATION statement saying that users who OPT OUT will not be treated differently.
- How “DO NOT TRACK” requests are handled. You aren’t required to respond to requests, but you’re required to disclose whether you do or not.
- How you NOTIFY USERS of any changes to your privacy policy.
- The DATE of publication or last update to your policy.
If your site visitors are from outside the US, especially in the European Union, more stringent laws apply and you should familiarize yourself with those requirements.
If your site caters to children under age 13, or is in the medical or financial sector, special requirements may apply.
Finally, your privacy policy is a legal document. While there is no legal requirement that a lawyer be involved when writing your Privacy Policy, you may want to have your attorney review it to make sure it meets your business needs.
If you don’t have one already, I hope this article has convinced you that “Yes, you do need a privacy policy” and has given you an introduction to “What your privacy policy should include”.
Need Help Adding a Privacy Policy to your Web site?
call: 541-582-0597