In case you want the immediate TL;DR (Too Long; Didn’t Read) answer, it is yes. You do need a privacy policy for your website. In an era where privacy doesn’t seem to exist anymore, we as website owners need to disclose certain information to our visitors. Even if they don’t take the time to read about it. Read on, and I’ll talk about the why’s and what laws and policies you might need to comply with to stay out of trouble.
* Disclaimer – (see, already getting on with the legal stuff!) I am not a lawyer and this is not explicit legal advice. I am also only covering the necessary information for the United States.
Which websites specifically need a privacy policy?
Your website needs a privacy policy in place if you collect any type of information about your visitors.
Some examples are:
- Web Forms – Contact forms, Donation forms, Registration forms, Surveys, etc. Anywhere a user enters in personal identifying information.
- Chat boxes – Even if you allow interaction as a guest, data is still collected.
- Ecommerce – This goes without saying, and you also need a Terms and Conditions Policy – we’ll talk about that later.
- Web Application Firewalls (WAF) – WAF’s collect IP information to identify potential hackers.
- Analytics – Tracking information, including anonymized data is one more reason you need a privacy policy.
Chances are that you are doing some or all of the above. You put your website up so you could communicate with others, and they could communicate with you, right?
What is a privacy policy?
Now that we’ve given you an idea of why you need a privacy policy, what is it exactly? Simply put, your privacy policy states what data that you collect about your visitors, why you collect it and how you are collecting it. Simple, right?
Stating the basic collection of data and how seems simple enough, and it usually is. Until a new law is passed. Here’s the rub for many of us, we don’t do business in just one area, and our websites are accessible in multiple locations. That means we need to comply with all applicable laws where the website visitor may reside.
California Consumer Privacy Act (CCPA)
Internationally the EU made some waves in the web professional community with GDPR in 2018. This was one of the first laws requiring full disclosure of data use collection, and the ability for the end user to delete that information from a company’s collection. This only affected websites that specifically served EU residents.
At One Dog Solutions, we didn’t worry too much about the EU privacy laws at the time, because we didn’t do any business outside of the United States. The latest domestic privacy laws are what prompted us to write this article.
Fast forward a couple years and we have California’s privacy law that went into effect January 1st, 2021. Much like GDPR, the CCPA gives consumers more control over the data businesses collect about them. Some of the new rights to California residents include:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
Businesses are required to display their handling of consumers’ personal data.
This law applies to for-profit businesses that meet any of the following:
- Have a gross annual revenue of over $25 million;
- Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
- Derive 50% or more of their annual revenue from selling California residents’ personal information.
CCPA doesn’t apply to me, do I still need a privacy policy?
The CCPA isn’t the only privacy law that a website needs to comply with. I used that as an example of the most encompassing new law that has gone into effect.
The Children’s Online Privacy Protection Rule (COPPA) that was passed in 1998 is another large encompassing privacy law for website visitors under the age of 13. COPPA isn’t the only other law. The FTC and your local governments have a number of rules that need to be followed and will prosecute if you are out of compliance.
Many companies have stated that they are going to abide by the CCPA standard, even for non-California residents. Not just the government, but the market is starting to speak on how they will implement these practices, including Microsoft.
How do I get a privacy policy?
Ok, now that you’ve decided you need a privacy policy, you need to write one. You could consult with your legal counsel on retainer and have them draw up a document that you can display on your website showing you’re in compliance.
When the laws change, you will need to update your policy with your lawyer again. This is not a bad route to take if you’re a large company.
Another option is to use a service like Termageddon to keep your policy updated. They keep up to date on the appropriate laws and have a questionnaire that you complete to help generate a policy that matches with your data collection practices.
I will caution against copying another site’s privacy policy. You may not be collecting the same data, or in the same way. This may be even worse than having no policy at all!
You need a privacy policy.
That’s my opinion and I’m sticking to it. It’s not a difficult thing to do, but is something that needs to be done. A simple link to your policy in the footer of your website is generally enough of a CYA, but you need a policy and you need to display it.
All of the sites that we build make use of Google Analytics which require you to have a privacy policy in place showing opt-out information to use it.
We make auto updating legal policies available to all of our Web Care clients. If there is a change in the law, it will be automatically reflected in your policy, so that you don’t have to do a thing.
We even have Terms & Conditions policies for e-commerce clients, but that’s a topic for another day!
If you have any questions about privacy policies or web stuff in general, send us a message. We’re always happy to help.
Are you keeping your WordPress website protected?
Download our guide to understand how to evaluate the success of your website, plus tips that will help you make improvements today!
"*" indicates required fields
