Does My Website Really Need a Privacy Policy?

Does My Website Really Need a Privacy Policy?

If you’re like most business owners, you’re busy being focused on your company. As a result, you probably don’t realize you need a privacy policy for your website.

However, because the laws keep changing, and with the recent GDPR law passing into effect, it’s important to have a solid privacy policy for your website.

But what exactly happens if you don’t have a privacy policy and what are the laws that require one?

If those questions are keeping you up at night, you’re in the right place. We’ll answer all of your questions about your website needing a privacy policy and share how you can get one relatively painlessly.

What Happens If I Don’t Have A Privacy Policy?

A privacy policy is meant to inform your website visitors about what information you collect from them via your website, for what purpose, and how you protect that data in case of a security breach. It’s required by several different laws that govern privacy and data protection laws of internet users.

As a result, if your website is not compliant with those laws by not having a privacy policy, you could be facing serious fines. What’s more, fines are usually per violation, which ends up adding up.

For example, Google was fined €150000 by the French regulator as they have found their privacy policy wasn’t clear enough on what data is collected and for what reason.

However, a privacy policy does not only protect your website visitors and users. It also protects you, the website owner. A case in point is the lawsuit against Delta Airlines which ended in victory for the airline company. A federal court in California ruled in the airline’s favor saying they weren’t in breach of contract after Delta had a massive data breach and customers filed a class action lawsuit.

Which Laws Affect Me/My Business?

We mentioned earlier that several laws exist that require your website to have a privacy policy. The most notable of those laws are:

  • GDPRGeneral Data Protection Regulation is a European regulation that protects the privacy rights of EU residents. It applies to you if you’re located in the EU or if you’re offering services and goods to EU residents or monitor their behaviour online, regardless of your location.
  • CalOPPA — stands for California Online Privacy Protection Act of 2003 and requires website owners to have a privacy policy on their website if they collect Personal Identifying Information of California residents.
  • CCPA — the California Consumer Privacy Act requires a privacy policy on websites of businesses that do business in California and collect, share or sell personal information of California residents. The CCPA has very specific requirements that apply to for-profit entities.
  • Nevada Revised Statutes Chapter 603A — similarly, to CCPA, Nevada requires a privacy policy with very specific disclosures such as what data is collected, how website owners will notify users of any changes, and similar.
  • Delaware (DOPPA)Delaware Online Privacy and Protection Act protects the rights of residents of Delaware and like the others on this list, requires you to have a privacy policy that has very specific disclosures.
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) — the Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects sensitive patient health information by not allowing you to disclose them to third-parties without their consent or knowledge. Specifically, the HIPPA privacy rule protects patients’ personal health information and sets the standard for the patients’ right to know how their information is used.
  • And others such as Australian Privacy Act of 1988 and Canadian Personal Information Protection and Electronic Documents Act

Do Nonprofits Need A Privacy Policy?

So far, everything we’ve learned about privacy policies points to the fact that if you’re doing business, you need a privacy policy. So what happens with nonprofit organizations?

Even if you’re a nonprofit entity, chances are you are collecting personal information for donations or volunteers. While the law isn’t very clear on non-profits, it’s better to be safe than sorry and add a privacy policy to your website.

This will not only ensure you’re compliant with the law but it will also build trust and provide clarity to users.

What Do I Need In My Privacy Policy?

There are many different laws that govern the privacy rights of Internet users. As such, there are several guidelines for what you need to include in your privacy policy. However, there are three main parts that your privacy policy needs to include:

  • You need to specify what Personal Identifiable Information (PII) is collected on your website
  • How you use that information
  • And who do you share that information with.

Other requirements may include:

  • The date your policy went into effect
  • Your contact information
  • The manner in which you collect PII such as analytics software, advertising pixels, social networks, and similar
  • Why you collect the information
  • How do you respond to the Do Not Track signals
  • And more.

How Do I Ensure It Stays Up To Date?

As you might guess, creating a comprehensive and compliant privacy policy is no easy task. But once you have your privacy policy, the most important thing is to ensure it stays up to date.

Since laws are constantly changing, it’s best to have a privacy policy that is constantly automatically updated. This way as laws change, you will know you are fully protected and you won’t have to worry about updating it manually.

What’s Next?

A privacy policy is required by several different laws that govern the privacy laws and rights of Internet users, regardless of where you are located in the world or where your users are located. It also protects you in case of security breaches and other legal matters.

If you’re running your website without a privacy policy, now is the best time to act. Contact us to get your Termageddon policy setup so you can sleep peacefully at night.

No Comments

Post A Comment