Tools, Tips, Thoughts

Website Privacy Policies

The What, Why, and How of Privacy Policies

Privacy policies have been around for a long time, but many people are still unsure what they are and why they need them. 


In a nutshell, website privacy policies outline how the website owners will use and protect the sensitive personal information they collect from their website visitors. 

Privacy policies often cover topics like the types of data collected (name, email address, physical address, credit card information, etc.) and how this information is used by the organization collecting it.

Why do you need a website privacy policy?

For your website visitors and customers

Website privacy policies are all about making sure that your visitors know what information you collect when they visit your website, how you use it, who else may see or access this data through sharing or transferring to third parties (such as advertisers), and any other ways in which their personal details might be used.  Having these policies available builds trust between you and your visitor – you are telling them that you understand you are getting information from them and that you will take measures to make sure it stays private.

Liability for data breaches is on the rise, with cyber attacks increasing in frequency and severity every year. Organizations that collect personal information are responsible for protecting it from unauthorized access or misuse by third parties. When an organization fails to take appropriate measures and its customers' data gets hacked, it can face legal liability, fines, or public embarrassment from negative coverage in mainstream media, all of which will cost your organization both time and money to defend.

To comply with local and international laws

Privacy policies are also essential to help you meet the requirements of international and national laws.   

Starting in 2016, countries around the world began updating their laws regarding data privacy to address our quickly changing digital world.

The European Union was the first to push out a widespread and comprehensive privacy policy change in 2016 with GDPR.  GDPR stands for General Data Protection Regulation, and includes seven principles:

  • Lawfulness, fairness and transparency … the user has given you permission to use their information and you have told them what they get in return.
  • Purpose limitation … you can collect information for a specific purpose; if you want to use that data for something else, you need to ask for permission again.
  • Data minimization … you should only collect the information you need. For example, if you are sending out a digital newsletter, you should only ask for name and email address.
  • Accuracy … you are responsible for making sure that data is kept up to date.
  • Storage limitation … you are responsible for keeping only data you are currently using.
  • Integrity and confidentiality (security) … you are responsible for keeping the data secure from unauthorized use.
  • Accountability … you are responsible for showing that you are following GDPR rules.

While GDPR is the strongest of the current regulations, other countries have updated their privacy laws, including:

  • Canada
  • Australia
  • Some US states (CA, CO, DE, NV, VA)

Keep in mind that each of these laws is different. Also, depending on where your business and website visitors are located, you may be required to follow multiple laws.

What are the benefits of having a website privacy policy?

  1. It attracts new visitors who are more likely to buy from you if they trust that their information will remain private.
  2. You may be required by law to have a website privacy policy, depending on where you and your website visitors live.
  3. A website privacy policy can help your site rank higher in search results.  Google has indicated that at some point, they will penalize the search engine ranking of sites that do not have a privacy policy.

What are the dangers of not having a privacy policy on your website?

You may be required by law to have a website privacy policy, depending on where you live.

Some possible consequences include: visitors abandoning the site because they don’t trust that their information will remain private; lower rankings in organic search results for lack of compliance with webmaster guidelines; or fines or penalties imposed by the governments of the places where you do business or where your visitors are located.

When should a website’s privacy policy be updated?

Although it is usually a good idea to review the website privacy policy every year, I recommend taking a quick look more often. I recommend updating your privacy policies after any significant change on your website or your business that affects how someone uses your website and what information they share with you. For example, if your organization has initiated new features that collect data, this would be a time to revisit and update your privacy policy.

These policies also need to be updated every time the laws change in your or your clients’ location.

How do I create a website privacy policy?

  1. Do it yourself. There are examples online, and you can take them and adapt them to fit what you need. The downside is that these can become out of date when laws change or your business changes. Also, if you don’t write it correctly, it might not protect you if someone sues you.
  2. Hire a lawyer to write your privacy policies. This is a great way to get a policy that fits your specific business. The downside is that lawyers are expensive, and you will have to rehire them on a routine basis to review and update your privacy policy.
  3. Use a company that specializes in creating privacy policies, like Termageddon.  I use Termageddon to create privacy policies for myself and my clients.  Some of the benefits include:
    • Their policies are written by a licensed attorney who is certified in information privacy
    • You fill out a questionnaire and get a policy that is compliant with the latest industry best practices and that will provide your visitors with a clear understanding of how you collect customer data.
    • Your privacy policy will be updated as laws change
    • Reasonable pricing

The downside is that these policies can be general and are not written specifically for your business and website.


A website privacy statement outlines how an organization collects information through its website and how they use that information once collected.

Having an up-to-date privacy policy will …

  • Build trust between you and your customers by being transparent about how you will use their information

  • Protect your organization from potential lawsuits – which will cost your organization both time and money to defend

  • Eventually be a factor in how Google ranks your website in search results

So, if you don’t currently have a privacy policy on your website, or need to update it, get it done!

If you are interested in using Termageddon, feel free to contact me if you want help setting it up, or use my affiliate link: Termageddon
