Is Your Website Covered? Privacy Policy: The Low Down
Note: This post may contain affiliate links; I may earn a commission (at no extra cost to you) if you make a purchase via my links. See my disclosure for more info.
Table of Contents
What is a Privacy Policy?
A Privacy Policy is a statement provided on a website that explains how you collect, use, and disclose personally identifiable information.
What is Personally Identifiable Information?
Personally Identifiable Information (PII) is any data that could be used to identify a specific person. Such as a name, email or physical address and phone number.
What the law says about having a Privacy Policy
If your website has a contact form, an email newsletter signup form or collects Personally Identifiable Information (PII) from visitors in other ways, you need a Privacy Policy. In fact, there are many laws that require websites to have a Privacy Policy:
- General Data Protection Regulation (GDPR) – a privacy law that protects the PII of European Union residents and applies to businesses outside of the European Union as well;
- United Kingdom Data Protection Act 2018 (UK DPA) – a privacy law that protects the PII of United Kingdom residents and applies to businesses outside of the United Kingdom as well;
- California Online Privacy Protection Act of 2003 (CalOPPA) – a privacy law that applies to any website that collects the PII of California residents;
- California Consumer Privacy Act (CCPA) – a new privacy law that protects the PII of California residents;
- Delaware Online Privacy and Protection act (DOPPA): a privacy law that applies to any website that collects the PII of Delaware residents;
- Nevada Revised Statutes Chapter 603(A) – a recently amended privacy law that protects the PII of Nevada residents;
- Personal Information Protection and Electronic Documents Act (PIPEDA) – a privacy law that protects the PII of residents of Canada;
- And more. New privacy laws affecting websites are being proposed and passed regularly.
Why you need Policies
In the States, the penalties for not complying with privacy laws can range from $2,500 per violation (which can mean per website visitor) to €20,000,000. States like New York are proposing privacy bills which will enable their citizens to sue businesses, of any size and location, simply for having a contact form without an up to date Privacy Policy.
Over a dozen states have proposed or already are implementing privacy laws to protect the Personally Identifiable Information (PII) of its citizens. Each of these laws has unique requirements as well as unique penalties for not complying. Some states are proposing businesses be fined over $5,000 per infringement (per website visitor). Some states are proposing private right of action (meaning citizens of that state can sue businesses anywhere in the US).
These laws do not care where the business is located. The laws are only out to protect its citizens.
Websites that ask for a ‘name’ and ’email’ address on a contact form are collecting PII and need to not only have a compliant Privacy Policy, but also need a strategy to keep their policy up to date when these laws are added or changed.
In summary
Ensure you have an up to date Privacy Policy.
- Avoid massive fines and lawsuits
- Limit your liability
- Keep control of your website
- Protect your intellectual-property
- Ensure legitimacy to your website visitors
Which policy is the right policy?
1. If a website has a contact form, it needs a Privacy Policy.
Contact forms ask for a “name” and “email”, which are examples of “Personally Identifiable Information” (PII). Multiple countries and states have enacted privacy laws that impose heavy fines for not having an up to date compliant Privacy Policy. Also, over a dozen states are proposing laws that can apply to businesses regardless of their location. Several of these proposed laws will enable its citizens to sue businesses of any size located anywhere. It’s simple: if you ask for PII via a contact form, and you want to avoid fines and lawsuits, provide a compliant Privacy Policy.
2. If a website offers links to third party websites, it should have a Terms & Conditions
Terms & Conditions limit a company’s liability. If a user clicks a link to a 3rd party site that is hacked, and then that user gets hacked, a Terms & Conditions helps prevent that business from being sued.
Bonus fun fact: A Terms and Conditions (aka Terms of Use) can provide a DMCA Notice, which can help your business from being sued for improper use of copyrighted material (like licensed images).
3. If a website offers affiliate links, it should have a Disclaimer
… as well as websites providing information that could be considered health advice or legal advice (law firms!), are also good reasons to have a Disclaimer. A lot of affiliate programs will require you to have a disclaimer, and consumers want to know when you’re getting paid for links you put on your website.
Privacy Policy Generator
We personally use Termageddon which is run by actual lawyers, not robots, who write and update policies as and when the laws change. Termageddon is a generator of policies for websites and applications. When the law changes, so do the policies, keeping your company protected and allowing you to focus on more important things.
