Rachel Rodgers Law Office Intellectual Property Strategy & Legal Counsel for Digital Entrepreneurs

9 Things You Must Have in Your Privacy Policy to Stay Out of Trouble

Privacy is a hot topic these days. With increased hacking and cyber crime happening, legislators on both the state and federal level are paying more attention to how websites collect, store, and protect consumers’ personal information. As a result, there are numerous laws and regulations dealing with consumer privacy being created and updated.

So what does any of this have to do with you and your business?

As you may know, websites and apps collect a variety of sensitive information from their customers and online visitors. If you collect even one iota of information on your website, you need a privacy policy. As we continue to conduct more and more of our lives online, identity theft and privacy concerns are a big deal to lawmakers. There are several laws governing privacy issues that affect small businesses. Here is a small sampling of the privacy laws that affect small business:

  • All websites and mobile apps that serve Californians must comply with California’s Online Privacy Protection Act (CalOPPA).
  • Any website that collects information from children under 13 must comply with a federal law called the Children’s Online Privacy Protection Act (COPPA).
  • If your website collects health information you must comply with HIPAA, and financial information is protected by the Gramm-Leach-Bliley Act.
  • In addition, the FTC can impose fines and other penalties against websites that violate consumer privacy rights, and class action suits have been filed by consumers themselves when they feel their private information has been exploited.

The truth is that privacy policies are not required by law in most states, but since your website can be accessed from any state, and (hopefully) has visitors and customers all over the country, you need a clear, easily accessible privacy policy that includes all of the legally required information on ALL of your websites.

Confused? Overwhelmed? Want to stab yourself in the eye?

Well, don’t stab yourself in the eye, ’cause I’m making life easy for you and giving you a list of things you must do to make sure your privacy policy is in compliance.

1. Make sure your privacy policy is conspicuously posted, easily accessible and readable. This means that it can’t be in tiny type or buried somewhere that requires a bunch of clicks to find. In fact, it’s imperative that the privacy policy be accessible from every single page of your website, including the home page. Your privacy policy creates a legal contract with the people who visit your website, but the contract is only enforceable if your website’s visitors actually see the policy.

2. Be honest and clear about what info your website collects and how it is used. The whole purpose of a privacy policy is to inform the people that visit your website about the information you are collecting from them when they visit. So don’t be vague. For example, you can tell them specifically what information you collect and what you do with it by using simple, straightforward language such as, “We collect your name and email address in order to send you our newsletter.” Being vague about the information you collect and what you do with it can get you in trouble.

3. You must disclose whether your website responds to Do Not Track signals that are sent by a website visitor’s browser. This is a new law that just passed in January of this year. If you don’t know anything about Do Not Track signals, ask your IT person or web developer if your site responds to Do Not Track signals. If it does, you must say how your site responds to those signals. If you don’t, then your privacy policy should say that your website does not respond to Do Not Track signals. See, that wasn’t that hard, right?

4. If third parties have access to your website visitors’ information, your privacy policy should say so. This is a pet peeve because cookie-cutter privacy policies often say that the company does not share the visitors’ information with third parties, but that is rarely ever true! Almost all businesses use third parties such as payment processors, email marketing providers, analytics software, etc. to run their business. So be sure to disclose that you do share website visitors’ information with select third parties that you use to run your business.

5. Establish a policy for how a user can access, review, and request changes to the information your site stores about them. And include an email address in your privacy policy that website visitors can email if they have such a request.

6. Explain how you keep users’ information safe by including information on your site’s security. It’s also good practice to explain that while you maintain security measures to protect users’ personal information from unauthorized access and misuse, no exchange of data over the Internet can be guaranteed as 100% secure. Ask your website visitors to agree that you are not responsible for their personal information that is intercepted without your authorization and despite your efforts to keep their information secure.

7. If you make material changes to your privacy policy, you have to notify your users before you make the change. Disclose how you will notify users when your privacy policy is updated. Send an email letting them know, and post the updated policy on your site with the date of the update.

8. Give website visitors the ability to opt out. It is also a good practice to provide website visitors with the option to opt out of having their private information collected. This will not usually apply to voluntarily provided information, but it does apply to information that is automatically collected via cookies. Therefore, you may want to provide instructions on how they can disable cookies when visiting your site.

9. If you collect information on children, or health information, or financial information, get familiar with the laws mentioned above and make sure you comply. And consider hiring an attorney to assist you.

Having good privacy practices and putting the effort in to protect the information that your customers provide you with is not just good for covering your ass, it’s good business. Being a good steward of your customers’ info builds a foundation of trust with your customers and differentiates you from your competitors.

Want more lessons on running your business like a mother#$%^*@! BOSS? Plus added bonuses and resources we reserve just for our VIP mailing list? Subscribe here so you never miss a lesson or an opportunity.