The Importance of a Privacy Policy

It is no secret that the public’s concerns over the use and protection of their personal data has intensified in recent years.  Today businesses that collect the personal information of their customers are expected to establish and maintain detailed and effective plans to safeguard the storage and use of private data.  But not only are these protections and policies expected by consumers, in most circumstances, commercial online businesses are required to publicly post and implement their own privacy policies.

What is a Privacy Policy?

A privacy policy is a legal document that outlines what personal information your website collects from your users, how that information is used, and how it is stored and safeguarded.   Along with your terms of service, your privacy policy is one of the most important documents you will have on your website.  It provides your users a blueprint of the procedures in place to ensure that their sensitive information is in good hands.  A clear and articulate privacy policy will go a long way in establishing trust in your company.

What Does My Privacy Policy Need to Include?

Although it is a legal document, your privacy policy should, at a minimum, clearly and accurately explain the following, without overly technical language or ‘legalese’:

  • The name of the business (or individual) that owns and operates the website.
  • What information is being collected? This may include names, email addresses, phone numbers, social media information, mailing addresses, and financial transaction data like credit card or bank account numbers.  You should also include any categories of information logged by your servers like IP addresses and hostnames.
  • How is that information being collected? Does your website utilize cookies, web beacons, or other automated collection processes, in addition to utilizing web mailing lists, web forms, online message boards, comments sections, and account registrations?
  • How is the information stored and whether the collection and storage is encrypted or safeguarded in another way from hackers and malicious attacks?
  • What do you do with their information? If you plan to sell or disseminate it in any way to a third party, this must be disclosed.
  • You must also disclose the use of third-party links on the site and any third-party services used to collect, process or store information, like email newsletter services and advertising networks (e.g. Google Adsense).
  • The contact information for the business so that users can contact you with any questions.
  • If your site serves an audience under the age of 13, Federal Law requires you make certain disclosures consistent with the Children’s Online Privacy Protection Act of 1998 (COPPA).
  • Any commercial site accessible in California must include language mandated by the California Online Privacy Protection Act.

Don’t Wait to Put Your Privacy Policy Into Place

While most commercial websites are required to have a privacy policy, it is still a good idea to have a well drafted privacy policy posted for any website.  Not only is providing transparency to your users the right thing to do, a well-crafted privacy policy, coupled with a comprehensive terms of use policy, will serve to provide substantial protection for you and your business and will avoid legal troubles down the road.

If your website does not have a privacy policy or it needs to be reviewed, talk with an experienced business attorney at The Jacobs Law, who can help draft effective privacy policies, along with many other important legal disclosures for your business.