Note: this is not a comprehensive guide to privacy policies, it’s simply meant as an overview. We strongly recommend contacting an expert when you develop one for your website.
If your company collects and uses the following information, it must be explicitly stated:
- Personally identifiable information (name, address, etc.)
- Internet browsing habits
- Browser cookies
A link to the policy must be provided from any page that collects information. Depending on your industry, there may be some additional requirements as well. Placement at the footer of your website is standard.
The 3 Reasons your Website Needs One
1. It’s the Law
There is no single federal internet privacy law in the United States. What must be included in your policy is actually the sum total of several different laws, including:
- The Americans With Disabilities Act
- The Cable Communications Policy Act of 1984
- The Children’s Internet Protection Act of 2001 (updated in 2013)
- The Computer Fraud and Abuse Act of 1986
- The Computer Security Act of 1997
- The Consumer Credit Reporting Control Act
- The Children’s Online Privacy Protection Act (COPPA)
- The California Online Privacy Protection Act (CalOPPA)
Even if your company isn’t based in California, it still must comply with CalOPPA. If it doesn’t, and someone from California fills out a form on your website, you will be held responsible. The same applies to Europe’s brand new General Data Protection Regulations (GDPR).
2. Third-Party Providers Require One
This typically has to do with their use of tracking cookies. Users must be able to opt out of cookie tracking.
3. Builds Consumer Trust
In our experience, people have become more concerned with how businesses plan on using their personal data in the wake of the Facebook privacy scandal and the rollout of GDPR earlier this year.
Having a transparent policy that clearly details how you use their information is critical for building trust with the people who visit your website.
Again, when it’s time to write a policy about your company’s data management procedures, we strongly recommend contacting an expert who has experience. False information, even if it’s not intentionally misleading, can have severe consequences.