With the increase in security breaches mentioned in the news and the continued push of the European Unions framework for data protection called General Data Protection Regulation (GDPR), you might be wondering if your own website needs a privacy policy?
Before we start, the first thing you need to know is, we are not lawyers. The information you find here should not be considered legal advice. When you are deciding what to do about a privacy policy or anything else that may have legal consequences regarding your business and your website, you should always talk with a lawyer. This lawyer should be familiar with your industry and specialize in website legal documents like privacy policies and terms of services for the locations of the audience your websites serve.
With the legal disclaimer out of the way, let’s look at the questions which are common amongst small business owners regarding privacy polices:
What is a Privacy Policy?
From a website perspective, a privacy policy is a document accessible on a website by the users which explains how a website and organization will collect, store, protect, and utilize personal information provided by its users.
The exact definition of personal information will vary depending on the privacy laws, but generally the following are included:
- Names
- Dates of birth
- Addresses (postal and email)
- Payment details
- Location
- Cookies
In addition to outlining how the company will use the information, it also includes how it will meet its legal obligations, and how those sharing their data can seek recourse should the company fail to meet those responsibilities.
Laws for privacy policies vary not only by country but may also by state or province. Depending on where your business is located, your website hosted, and your users are from will dictate what privacy laws you are legally required to follow.
Why have a Privacy Policy?
Yes, we know most people do not read any of the legal documents websites usually link to in the footer of their website. In fact it has been shown by the Pew Research Center that 78% of people usually completely ignore the privacy policy. So, if this is the case, why do we need one?
- Risk and Liability
Privacy polices are required by law for a website in most first world countries. Failure to have one may lead to fines and lawsuits. - Customer Trust
There is increased concern by visitors in sharing their personal information. A lack of a privacy policy may result in your visitors taking their business elsewhere. - Data Handling Improvements
When writing an effective privacy policy, it makes a company review how it handles its customer data and how they are protecting it. This leads to better security overall and increased protection against potential data breaches down the road. - Required by Third Party Services
Most third party services require a website to have a valid privacy policy in place to comply with their own terms of service.
By law in most cases, it doesn’t matter what country, state, or province your business is located in, it matters where your users are located. Here is a list of privacy laws that require a website to have a privacy policy.
- Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
- California Online Privacy and Protection Act of 2003 (CalOPPA)
- California Consumer Privacy Act (CCPA)
- Delaware Online Privacy and Protection Act (DOPPA)
- Nevada Revised Statutes Chapter 603A
- General Data Protection Regulation (GDPR) – European Union
- United Kingdom Data Protection Act (UK DPA 2018)
- Australia Privacy Act 1988
All these laws are unique, and updates get proposed for them often, so they do change over time. This means your own privacy policy is not a static document and will need to get updated from time to time to stay compliant.
Depending on the privacy laws broken, fines can range in the thousands of dollars to millions.
Where do I get a Privacy Policy?
You could contact a lawyer that specializes in privacy polices. They will ask you some questions and then draft up a document for your website. While this may be the easiest thing to do, it is extremely expensive. As a business owner you probably already know, lawyers with specialties cost hundreds of dollars an hour.
You could search the internet and find a free privacy policy generator. Unfortunately, these tend to only cover the basics and doesn’t take many different aspects of privacy laws into account. I’ve heard these documents actually may do more harm than good from a legal standpoint.
The Real Solution
You could do what we have done, which is partner with Termageddon.
This is a company that specializes in privacy laws from all over the world. Based on a list of detailed questions they give you, they zero in on what privacy laws your website is legally required to follow and then generates a privacy policy and terms of service based on these laws and the answers you have supplied.
This allows your website to be compliant in the United States, Canada, Australia, United Kingdom, European Union, and more.
Termageddon is a comprehensive solution that also monitors amendments, regulator guidance, and proposed privacy bills. When a change comes into law that affects your privacy policy or terms of service, it will automatically be updated with the required information to keep your website compliant.
Since this solution is shared amongst many business owners it is a much cheaper solution and only costs $99 USD per year.
We believe in what Termageddon offers and have incorporated their service into our website design process here at eSilverStrike Consulting.
With all that being said, the documents Termageddon provide you should still be reviewed by a licensed attorney. While they have attorneys on staff, Termageddon itself is not a law firm. They do not have access to all your business information and therefor does not replace the advice of a licensed attorney. Still, the documents Termageddon provides will ensure smaller fees charged by the lawyer as much less of their time is needed. They will just have to review the documents (instead of creating new ones) and make any notations as needed based on your business’s specific needs.
If you would like to find out more about having a website designed by eSilverStrike Consulting you can contact us directly. If you want to get your own privacy policy right now, then visit Termageddon. Please note, if you purchase a service from the Termagedon links found on this page, we will receive a small commission.
