If you scroll to the bottom of most websites, you will probably see a link to a privacy policy. What exactly is a privacy policy, and do you need one for your business? If you have a privacy policy, is it up to date with your business’ data practices and compliant with the latest law?
What is a Privacy Policy?
A privacy policy is a legal agreement a business makes with its customers on how the business will handle the customers’ personal information. A privacy policy often takes the form of a statement with multiple sections, each outlining how the business collects, uses, protects, and shares personal information.
Personal information, or data, includes names, addresses, and credit card information–standard information customers give when signing up for a mailing list, creating an account, or placing an order.
To withstand legal scrutiny, users and/or customers need to be able to understand relatively easily how and where their personal data is being stored, their access rights, and their opt-out rights. The privacy policy should be easily accessible on your website, and you should let your customers know if you change the privacy policy.
You should also link your privacy policy to a terms of use (sometimes called terms of service). The terms of use outlines additional terms required to use the website, such as shipping and returns, payment terms, and liability. Often, customers must give affirmative consent, by checking a box, that they agree to the privacy policy and the terms of use before they can sign up for an account or place an order. “I read and accept the Privacy Policy” or “I agree to the Terms of Use” are typical statements used to affirm consent.
Source: https://www.shopify.com/legal/privacy
Why You Need a Privacy Policy
It is important to establish a strong legal foundation with a compliant privacy policy rather than risk liability for mishandling personal information. In today’s competitive marketplace, trust and transparency carry important cachet in doing business. Showing your customers that you are proactive about handling their data can go a long way in setting you apart as a reputable business.
There is also state, federal, and even international liability for not adhering to privacy laws. For example, if your business has customers in a state or country with a data privacy law, your business should follow that law, even if your business is not physically located in that state or country. In the 21st century, customer bases are scattered across the world, which can invoke, among others:
• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Virginia Consumer Data Protection Act
• Colorado Privacy Act
• And others, like the Children’s Online Privacy Protection Act (COPPA), which applies when your website targets children under the age of 13.
There are costly penalties for not following these laws. For example, the CCPA is enforced by the California Attorney General’s Office, and fines can reach $7,500 for each intentional violation of the CCPA (Sect. 1798.155(a)).
Read more in our blog post on Why Privacy Policies Should be at the Top of Your To-Do List.
Why You Should Customize Your Business’ Privacy Policy
Where do you begin? Many online resources provide free but generic privacy policy templates. Relying on this cut-and-paste approach might expose your business to legal risk if the privacy policy is not customized to your business.
A privacy policy should be customized with the following considerations in mind:
• Where are your customers located, i.e., what laws apply?
• What personal information does your business collect?
• When does your website use cookies, or other tracking technologies?
• How does your business store and protect data?
• Who does your business share data with?
To dive in on sharing data: your website is likely connected to third-party service providers for website analytics, communications, or payments. Popular third-party service providers are Amazon Web Services, Google Analytics, Mailchimp, and Shopify. If you use third-party service providers, you are probably sharing your customers’ personal information with those providers, and you need to inform your customers that you share their data with them. This is merely one of the many considerations to evaluate in customizing a privacy policy.
Why Work With Counsel?
At EmergeCounsel, we speak with our clients to understand their business. We then go step-by-step to draft a comprehensive privacy policy that includes relevant provisions and leaves out language that might not apply. As our clients’ data privacy practices change over time, we work with them to update the privacy policy and ensure compliance with new laws.