You’ve likely noticed privacy policies on almost every website that you’ve visited, and there’s a good reason for this. Every time a customer visits a website, it gathers, stores, shares and sometimes sells their data.
A privacy policy is also a transparent way for website and business owners to inform visitors about what’s going on with their data behind the scenes, which helps business owners establish trust with potential customers.
The U.S. does not have a general privacy law like some countries, so each state and even each sector may need to abide by different laws. Some examples include:
The Children’s Online Privacy Protection Act (COPPA), which applies to businesses collecting information on children, or the Health Insurance Portability and Accountability Act (HIPAA), which applies to healthcare providers.
California, Virginia, Maryland and Colorado have their own privacy laws in place. California undoubtedly has the most robust and powerful laws, including the California Online Privacy Protection Act (CalOPPA) and California Privacy Rights Act (CPRA). These laws will impact any website that is accessible in California, even if the business is based outside of the U.S.
Other countries generally have their own privacy laws that apply to websites and businesses operating there, such as:
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
- Europe: General Data Protection Regulation (GDPR)
- Australia: Privacy Act
- UK: Data Protection Act
What information you collect: Outline exactly what kind of information your website collects — for example, an email address, name, location, etc.
What you do with the information: Explain what you do with the information, such as whether you use it for shipping purposes, email marketing purposes or selling it to third-party services.
How long you keep the data for: Outline how long you store data and why.
What you do to safeguard the information: Explain what kinds of security measures you have on your website to ensure personal data is kept safe from unauthorized people.
Disclose any third-party services or plug-ins: Outline any third-party services or plug-ins that you use on your site that may also collect data, such as a credit card processor, analytics app or email marketing service.
Outline users’ rights: You should also explain any rights that users have when it comes to the collection and storage of their data, such as having their data erased upon request.
Cookies and optional features: There may be additional sections required depending on the privacy laws or industries that you operate under, such as handling of children’s data or whether you sell personal information. Cookies — files created by the websites you visit — are provided to third parties to streamline your internet search, but can also pose privacy risks. It’s important to learn more about this feature to decide how it should be used on your site.
- Make your policy easy to read and structured clearly with different sections so the information is accessible for everyone.
- Be transparent and honest — if you knowingly collect, share, keep or sell personal information of any kind, you must declare it in your policy.
- Terms and conditions (Ts & Cs) are about protecting you, your website and your company. They outline what is required of the user or visitor when visiting your site, subscribing to your content, downloading an app or purchasing a product. While not legally required, they can help if a legal issue is brought up by a customer, user or visitor.