All Websites Need a Privacy Policy, and Here’s Why

A company's website can have a massive impact on its success. Before visiting a business, consumers often look at its website to browse inventory, read information about services provided, sign up for emails, book appointments, and more. With this influx of online traffic comes responsibility for the Personally Identifiable Information (PII) you obtain and for protecting it from misuse. Federal privacy laws and state laws require you to have a Privacy Policy accessible on your website if you are collecting PII from website visitors.

What is a Privacy Policy?

A Privacy Policy is a legally binding agreement between you and your potential consumers that describes what kind of information you obtain from website visitors, how you are using this information, and what steps you are taking to ensure this information is safe. Privacy Policies usually include the type of information being collected by the business, data storage and security, purpose for data collection, third-party affiliations, and a disclosure on the use of cookies. Businesses usually collect PII such as your name, date of birth, email address, billing and shipping address, phone number, payment information, and social security number.

What information do I have to include in a Privacy Policy?

The minimum information required for a Privacy Policy varies depending on how your company interacts with third-party vendors and where your company and website visitors reside. All Privacy Policies should include your business name and contact details, such as an address and phone number. You are also required to specify what data you are collecting. For example, if you are using Google Analytics, then you must state that you are tracking user behavior with Google Analytics through the use of cookies. You also must allow users to consent to the use of cookies. This disclaimer must be visible on the website’s front page and agreed upon through the clicking of a button rather than a passive banner notice. Other examples of data collection include tracking the link your consumer followed to get to your website or the demographic information they provide. You also must justify why your business is collecting this information and explain how a customer can opt out of data collection.

What happens if I don’t have a Privacy Policy?

  • Not having a Privacy Policy can have consequences that are often expensive. Hefty penalties can be enforced for non-compliance with privacy laws.

  • Examples of privacy laws include the Nevada Revised Statutes Chapter 603A, California Online Privacy and Protection Act of 2003 (CalOPPA), Children’s Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR) for EU residents, and many more.

  • Fines for failing to comply with these laws can range from $2,500 per violation to nearly a million dollars in total. Per violation means that you are fined each time a user visits your website and you put their PII at risk through insufficient data protection and disclosure of usage information.

Okay, I need a Privacy Policy. Where should I put it on my website?

Privacy Policies can be lengthy and should be included on a separate page. Usually, a link is included in the footer of your website so the policy can be easily accessed from every page. Regulations may require that your Privacy Policy can be accessed from each point at which a customer might share their information with you. This might include where a visitor can fill out pre-visit forms for medical appointments, opt in to an email list for news on future events, or enter contact information for a callback.

Every website needs a Privacy Policy in 2021. The best way to obtain a Privacy Policy that fits your business's needs is by consulting with a legal professional who is aware of which international and local requirements need to be fulfilled.