Importance of Website Privacy Policies

Privacy policies, you know you have seen them, but do you have one for your website?

Well, what is it? A website privacy policy notifies users how your business will collect, store, use and protect their personal information. We all know that in a world of hacking and scams, keeping our personal information safe is so important!

No model privacy policy works for all or even most websites. Instead, a website privacy policy must be carefully drafted to specifically reflect your business’s actual or anticipated information collection and privacy practices.

Why You May Need a Privacy Policy

A business should maintain a privacy notice if any one of the following applies to it:

Collects personal information or information that is or reasonably can be associated with a particular customer, computer, or mobile device.
Maintains a website, mobile application, or uses cookies or other tracking technologies that California residents may access.
Engages in online behavioral advertising.
Is a member of the Network Advertising Initiative.
Operates in any of the following industries:
o financial;
o healthcare;
o education;
o businesses directed towards children;
o businesses collecting information from minors under 13 years of age; or
o other regulated industries.

Even if the business does not collect, use, disclose, or share personal information and is not required by law or industry standards to maintain a privacy notice, many businesses find that having a privacy notice is still valuable! Below are a couple of benefits beyond only complying with the laws. I like to say the laws should be the benchmark, not the goal.

Marketing benefits, to reassure consumers that their information is appropriately collected, transferred to third parties, or otherwise used.
Avoiding regulatory oversight or unwanted attention by the FTC and other state and federal agencies.

Elements of an Effective Privacy Policy

A website privacy policy should always state its effective date and address the following privacy principles:

Notice. The policy should clearly inform visitors about the types of personal information collected and describe in detail how it is collected, used, and shared.
Choice and consent. The policy should provide visitors with choices regarding how their personal information is used or disclosed and may need to obtain consent if it is used for purposes unrelated to the business’s interaction with the visitor.
Access. The policy should describe how users can access, correct, and remove any personal information collected by the site.
Security. The policy should describe the steps taken by the site operator to protect personal information.

Potential Legal Issues

Websites that collect user information should post a privacy policy on the site to disclose the site operator’s information collection and privacy practices. In the US, website privacy policies must comply with applicable privacy and data security laws, including:

Federal Trade Commission Act, regulating unfair or deceptive business practices and providing guidance on consumer privacy disclosures.
Children’s Online Privacy Protection Act, regulating the online privacy of children under 13.
Gramm-Leach-Bliley Act, regulating personal information held by financial institutions.
State privacy laws, particularly for businesses serving customers in California.

If You Have Customers in California, Nevada, or Colorado

California has been a leader in protecting the privacy of its residents, including when accessing and using websites. Websites that collect, sell, share, or use information about residents in one of these states must ensure their notices address these states’ unique requirements.

International Considerations

Although compliance with foreign privacy and data protection requirements is outside the scope of this website privacy policy, US-based website operators that collect personal information from website visitors residing outside of the US or that operate in foreign jurisdictions (for example, by storing or hosting personal information in non-US jurisdictions) may be subject to privacy and data protection laws in those jurisdictions. You should be aware that some foreign jurisdictions, such as the EU, may have comprehensive privacy and data security laws that are more stringent than US laws. These laws may require prior, explicit user consent for: certain data collection techniques, such as the use of cookies; and the collection and use of certain sensitive information.

Category: Must Know Tips

Posted: 2/08/2023