The What, Why, and How of Privacy Policies
Privacy policies have been around for a long time, but many people are still unsure what they are and why they need them.
In a nutshell, website privacy policies outline how the website owners will use and protect the sensitive personal information they collect from their website visitors.
Privacy policies often cover topics like the types of data collected (name, email address, physical address, credit card information, etc.) and how this information is used by the organization collecting it.
For your website visitors and customers
Website privacy policies are all about making sure that your visitors know what information you collect when they visit your website, how you use it, who else may see or access this data through sharing or transferring to third parties (such as advertisers), and any other ways in which their personal details might be used. Having these policies available builds trust between you and your visitor – you are telling them that you understand you are getting information from them and that you will take measures to make sure it stays private.
Liability for data breaches is on the rise, with cyber attacks increasing in frequency and severity every year. Organizations that collect personal information are responsible to protect it from unauthorized access or misuse by third parties. When an organization fails to take appropriate measures, it can lead to legal liability if their customer’s data gets hacked and they face fines or public embarrassment due to negative coverage in mainstream media- which will cost your organization both time and money to defend.
To comply with local and international laws
Privacy policies are also essential to help you meet the requirements of international and national laws.
Starting in 2016, countries around the world began updating their laws regarding data privacy to address our quickly changing digital world.
- Lawfulness, fairness and transparency .. the user has given you permission to use their information and you have told them what they get in return.
- Purpose limitation … you can collect information for a specific purpose, if you want to use that data for something else you need to ask for for permission again.
- Data minimization … you should only collect the information you need. For example if you are sending out a digital newsletter, you should only ask for name and email address.
- Accuracy .. you are responsible for making sure that data is kept up to date
- Storage limitation … you are responsible to only keep data you are currently using
- Integrity and confidentiality (security) … you are responsible to keep the data secure from unauthorized use.
- Accountability … you are responsible for showing that you are following GDPR rules
While GDPR is the strongest of the current regulations, other countries have updated their privacy policies, including:
- Some US states (CA, CO, DE, NV, VA)
Keep in mind that each of these policies are different. Also, depending on where your business and website visitors are located, you may be required to follow multiple laws.
- It attracts new visitors who are more likely to buy from you if they trust that their information will remain private.
Some possible consequences include: visitors abandoning the site because they don’t trust that their information will remain private; potential penalties from search engines if they rank low in organic results due to lack of compliance with webmaster guidelines; or fines/penalties imposed by the government that you do business in or your visitors are located in.
These policies also need to be updated every time the laws change in your or your clients’ location.
- Do it yourself. There are examples online and you can take them and adapt to fit what you need. The downside is that these can become out-of date when laws change or your business changes. Also, if you don’t write it correctly, it might not protect you if someone sues you.
- Use a company that specializes in creating privacy policies, like Termageddon. I use Termageddon to create privacy policies for myself and my clients. Some of the benefits include:
- Their policies are written by a licensed attorney who is certified in information privacy
- You fill out a questionnaire and get a policy compliant with the latest industry best practices and will provide your visitors with a clear understanding of how you collect customer data.
- Reasonable pricing
The downside is that these policies can be general and are not written specifically for your business and website.
A website privacy statement outlines how an organization collects information through its website and how they use that information once collected.
- Build trust between you and your customers by being transparent about how you will use their information
- Protect your organization from potential lawsuits – which will cost your organization both time and money to defend
- Eventually will be a factor of how Google ranks your website in search results
If you are interested in using Termageddon – feel free to contact me if you want help setting it up, or use my affiliate link : Termageddon