Planning to write a Privacy Policy for your business but don’t know where to start? Maybe you’re running a website or app, and you’re seeing all these new privacy laws popping up and you think, yikes – guess it’s time to make this privacy page happen. But where the heck do I start? And what exactly is a Privacy Policy, to begin with?
Don’t worry, we’ll cover everything you need to know, right now. Starting with the million dollar question (billion dollar for some as you’ll soon see):
What’s a Privacy Policy?
A Privacy Policy is a statement that shows how you handle customers’ personal information like names, addresses, and phone numbers. It can be one of the most important documents a business creates for its customers.
With privacy laws evolving at a mind-numbingly rapid pace, many businesses can easily end up violating federal, state, or even international laws. And the fines can be hefty, especially the proposed per-visitor fine – we’ll get to that in a moment. But if they create a good Privacy Policy, there’s nothing to worry about. Later in this article, we’ll show you exactly what an effective Privacy Policy looks like. Right now, let’s delve a bit deeper into why you need a good Privacy Policy.
Why Do You Need A Privacy Policy?
Your goal here is to protect your visitors, and protect yourself. Because if you’re collecting data (like names, emails, phone #’s, etc.), there’s an increasingly good chance that one of the many new laws already requires you to have a Privacy Policy. (Or it will soon.) Which brings us to reason #1:
Reason #1 – It’s the Right Thing To Do
It’s pretty straightforward. There are many ways companies can abuse your private information. When those companies have to create a Privacy Policy (and get your permission to use your information, for example), it helps keep them from doing that.
You probably want to know what companies are doing with your private information, right? You deserve to know that. And of course the same applies to what you’re doing with other people’s private information. They deserve to know. Put simply, creating a Privacy Policy is the right thing to do. That’s the #1 reason.
Reason #2 – It’s Required by Many States & Third Party Services
Many states already have privacy laws, and many more have proposed them or are in the process of implementing them. Their goal is to protect people, specifically, their PII (Personally Identifiable Information). And the punishment for not having a Privacy Policy varies from state to state.
These laws don’t depend on where your business is located; they’re written specifically to protect the people whose data is collected. And while there are already plenty of laws to navigate, there are many more on the way. (See privacy laws at the bottom of this post.)
If you use Google Ads, Facebook, or Apple, you’ll want to check their Privacy Policy requirements asap. Google requires Google Ads users to have a privacy policy, and Meta requires the same for Facebook advertisers. Same goes for Instagram and many other advertising platforms. These platforms rely on third-party services that store cookies in the visitor’s browser as they use your site, and they expect your policy to disclose that in line with any applicable international laws.
If you are planning on using third-party services with your website or app, make sure to first check their privacy policy requirements. Whenever you advertise online, chances are, you’ll need a privacy policy. So it’s always worth checking.
Reason #3 – So Customers Trust You
Customers, especially Millennials and Gen Z (who’ll soon hold the majority of the purchasing power), expect honesty and transparency. People want to have control of their information and feel safe. This is why having a Privacy Policy on your site is indispensable. Showing them how your site handles personal information can help them trust your business more. And a good Privacy Policy gives you a competitive advantage over competitors who don’t have one, or have a weak one. Create a clear, concise, and transparent privacy policy for your customers. They’ll appreciate you for it.
What an Effective Privacy Policy Looks Like
So. We covered what it is, and we covered why you need one. Now, let’s unearth the facts you need to know to create an effective Privacy Policy. This is what an effective Privacy Policy looks like.
Fact #1 – It’s Not As Hard As You Might Think
A Privacy Policy sounds like a big ball of red tape and legal jargon, and one that’s difficult to create correctly. And while that used to be somewhat true, today it’s easier than ever. It’s really just a matter of plugging your info into a tool like Termageddon (see more below), which generates your Privacy Policy. This generator then keeps your Privacy Policy up to date and ensures that you’re 100% legal in every state. Which is pretty great. Within a matter of minutes, you can:
- Show your visitors you care about their privacy
- Ensure legitimacy to your visitors
- Protect your intellectual property and avoid legal issues
Clearly, a good policy revolves around privacy, security and safety. So let’s talk about that.
Fact #2 – A Good Privacy Policy Promotes Safety & Security
Is information collected safely? Big question. Naturally, the safety and security of all collected information from your customers should be a top priority. When customers visit a business, one of the things they expect is that their privacy will be respected. This means that the business will not collect personal information from them without their consent and will not sell or give it away to other businesses or organizations.
Note that a privacy policy is just a document: it tells your customers how their data is used and handled, but it does not by itself process or protect anything. What it does do is show your customers that you are being responsible with their data, and give you a public document stating exactly how that data is handled. The protections it describes still have to exist in practice.
Fact #3 – A Good Privacy Policy Discloses the Data you Collect
Obviously, the data you collect on your website varies depending on the goals of your site. To create the best policy possible, you’ll want to take inventory of all of the data you collect or plan to collect. To jog your memory, let’s list out a few…
Common types of data collection on a website can include:
- Name
- Address
- E-mail address
- IP address
- Device identifiers
- Etc
These are typically collected through a simple contact form on a website, an ecommerce checkout, or even by using Google Analytics on your website. This should all be disclosed.
Tired of repeatedly seeing cookie acceptance popups on some websites? The truth is, some sites use cookies to collect information from clients. These are used to help track the visitor’s usage and access preferences on the services offered by the website. This should all be disclosed.
There’s also automatically collected information like:
- Login information
- Usage information
- Location information
Again, this information is automatically collected and stored. And again, this should all be disclosed.
Lastly, you may or may not need to include some or all of the following disclosures. It really depends on which laws apply to you (see privacy laws at the bottom of this post).
But you’ll likely need to include at least some of the following information:
- Your name
- Your contact information
- Effective date of your policy
- What PII you collect
- How you collect the PII
- How you’ll use the PII
- Whether or not you share PII
- How you protect the information you collect
- Whether or not you use analytics on your site, Google Analytics for example
- Whether or not you use cookies or other forms of tracking on your site
- Whether or not you use their information for marketing and advertising
- How they can opt out of this if so desired
- All of their privacy rights and how they can use them
- Whether or not you have a Data Protection Officer
- How they can appeal decisions about their privacy rights
- If you share the PII, with whom and why
- If you can locate, profile, and identify a person with the data collected
- How the visitor can turn that data collection off
- What your site does with “Do Not Track” signals
- How you’ll update them on changes to the Privacy Policy
- Whether or not you sell their information
- What information you sell specifically, if you do
- The process they can use to complain to the authorities if their rights have been violated
- The legality of your methods of gathering and processing PII
- How you store the information
- Whether or not you transfer PII to other countries or organizations outside of the country
The Shortcut to Generating a Better Privacy Policy
Creating a Privacy Policy for your business – yes, it’s important to help you dodge lawsuits and fines, and yes, it’s very valuable to have overall. But here’s the main problem at this point.
How on earth do you create it? There are so many laws to comb through, so many disclosures to identify and put into place. Most people aren’t completely aware of all the PII they’re collecting and using, let alone the laws that apply to them, and which specific things they need to disclose.
The good news is, there are Privacy Policy generation tools that cut days of research down to virtually none. They can be amazing. That said, choosing the right one for your business is critical.
One example of a privacy policy generator that we highly recommend is Termageddon. Termageddon is the longest-running Privacy Policy Generator. The company is founded and run by a licensed privacy attorney who also serves as the Chairman of the American Bar Association – ePrivacy Committee.
This generator helps you quickly monitor privacy laws, and automatically keeps your Privacy Policy consistently up to date.
The updates are specific to your website and the information you originally provided to the generator. This generator basically handles all of the hard parts. The team members of Termageddon stay on top of the privacy laws so you don’t have to. That’s a breath of fresh air and then some…
To Sum it up…
Your Privacy Policy is key, as it is for any business operating online and collecting data. It’s one of the first things that clients look for when using a site and is becoming a legal requirement in more states each year.
Having a privacy policy can not only keep your business compliant with ever-changing laws but can also attract more customers, build trust, and connect with them better. And above all, you get peace of mind knowing that you did the right thing. Need some help in creating your privacy policy? Check out Termageddon to see more of what this privacy policy generator can do for you, or email us for more information. We’d be more than happy to help!
Specific Laws
There are many different laws and requirements regarding customer data and privacy policies based on the location of your business. Currently, there is no federal law in the US dictating the requirement of a privacy policy for your business. However, there are a number of state laws that have been passed and more states are following this trend every year. California, Virginia, and Colorado have state laws in place already and Utah has just passed one that will go into effect in 2023.
If we look at the state of California as an example, if a business attracts customers that reside in the state, then a privacy policy is required by CCPA and CalOPPA.
The California Consumer Privacy Act (CCPA), which took effect in January 2020, gives consumers more control over the personal information that businesses collect from them. It applies to any business that impacts people in California. This law also provides consumers four (4) different rights, namely:
(1) Right to know about the information collected from them,
(2) Right to delete information collected from them,
(3) Right to opt-out from selling their personal information, and
(4) Right to non-discrimination in the exercise of the CCPA rights.
On the other hand, the California Online Privacy Protection Act (CalOPPA), currently considered the broadest privacy law in the US, was created to protect the rights and personal information of all California residents.
Similarly, if the website’s visitors include people coming from Europe, then the site is required by the GDPR to have a privacy policy. The General Data Protection Regulation (GDPR) is the European Union’s data protection law that mandates how personal data should be used by an organization. Seven (7) key principles of this law are set out right at the start. These are the fundamental building blocks for good data protection practice. Failure to comply with these principles may result in a substantial fine, as stated in Article 83(5)(a). These principles are as follows:
(1) Lawfulness, fairness, and transparency
(2) Purpose limitation
(3) Data minimization
(4) Accuracy
(5) Storage limitation
(6) Integrity and confidentiality, and
(7) Accountability
Also, as stated earlier, Utah passed its own law on March 25, 2022, which will go into effect on December 31, 2023. The Utah Consumer Privacy Act is intended to protect the data and information collected from Utah residents, and it applies to businesses that operate in the state or whose target customers are located in Utah.