Drafting a Privacy Policy for Your Website


Do you have a privacy policy for your website? Even though it’s not legally required in the U.S. or Canada (it is over in Europe), it is highly recommended if your website collects data via cookies, contact forms, e-newsletter signups, etc. In addition, anyone doing business in California (and collecting such information) is required by California state law to have a privacy policy on their website.

Where do you start? Begin by carefully writing the policy. It should include:

  1. a description of the type of information you collect
  2. how you collect it
  3. whether or not you store that information
  4. exactly what it is used for, and
  5. whether or not it will be made available to any third parties.

If you accept credit cards or mailing information used to send merchandise, you cannot say you “don’t share this information with any third party.” In order to process the credit cards or send items through the mail, you do have to share it with the post office and credit card processor. Even the user’s ISP can see the information being collected while in “transit” to the website’s server. Because of this, it is nearly impossible to have a situation where information collected from a user is not made available to any third party.

Making your privacy policy personal can help keep it from being too dry. It should be specific to your website and written by you or someone you employ (i.e., an attorney), not copied and pasted from another website. That’s not only plagiarism, but it also puts you in the position of being legally liable for any mistakes that are in the document. If you don’t feel comfortable writing your own privacy policy, try the online service SnapTerms. Their experts will write you a policy starting at $299. Smaller businesses that can get by with a very basic privacy policy can also obtain a template from the Better Business Bureau, such as this sample privacy policy from the BBB of Dallas, Texas, which can be edited to suit their needs.

Your privacy policy should also include terms of use for the website, unless you’ll include those terms of use in a separate page or document. That means visitors to your site continue from the home page with the understanding that you do collect data. By continuing through the site, they agree to its terms of use and they have full knowledge of your privacy policy.

Websites intended for children 13 and under that collect ANY information (even a first name only) must have a privacy policy that complies with the Children’s Online Privacy Protection Act (COPPA). This act was designed so that parents could control the information collected from their children online. See https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions for details.

