What You Should Include in Your Website’s Privacy Policy

Maintaining a website or mobile app is a necessary step to become or remain relevant in commerce today. If your business has a website, and that website tracks visitor data, your website needs a comprehensive privacy policy agreement. Regardless of the data collected and whether that data is generated by your customers, your subscribers, or other website visitors, a privacy policy is legally required. Providing a privacy policy link also leads to increased trust between businesses and visitors. 

A well-constructed website privacy policy will both protect your business and reassure your clients that you have security protocols in place for their valuable information. As part of my law practice, I regularly craft privacy policies that fit each client’s website and needs. I thought I’d take the opportunity to share the most important things you need to cover in your website’s privacy policy.

Tailor the Privacy Policy to Your Website

The first step to creating an effective privacy policy is to review the method your website uses to collect and store data. Be certain that your privacy policy properly aligns with how you are treating data. Transparency is critical for building trust with your current and potential users.

When writing a privacy policy, make sure to consider the geographic scope of your business. Doing business in overseas jurisdictions will require you to abide by international privacy laws on top of American laws.

There is not a one-size-fits-all template, but there are common points every privacy policy needs to address. You’ll need to study the applicable laws of your particular location to figure out the exact details of what is required. 

Required Disclosures

Before turning to what your website will collect and what is done with collected data, a privacy policy should lay out some basics.

Business Name and Contact Information

The privacy policy has to clarify the legally registered business that created the website and how to reach your company regarding any privacy issues. 

How Visitors Can Opt-Out of Data Collection

The privacy policy needs to list options for how users can stop their personal data from being tracked on your website. Providing an opt-out option directly in the privacy policy is good practice. Include a method for users to receive a copy of any personal information already collected by the website.

Notice of Governing Laws

It is important to give notice in your privacy policy that any information you collect and store will be governed by the laws of the United States of America, provided your company will be storing customer data domestically. Remind the visitor this is true regardless of where they are located. 

Security Disclosures 

In this section of the privacy policy, you should reassure users that your company handles their data according to comprehensive security protocols. However, a legal disclaimer indicating that perfect data security is not possible should accompany any discussion regarding user data protection. The disclaimer should notify users they assume the risk by transmitting any data.

Notification of Updates and Changes

The privacy policy should explain that updates occur on occasion and provide users with a method to acknowledge a change in the terms. 

Likewise, user information may change from time to time, and the privacy policy can explain how to update their account information. The Policy should also lay out how a user can change any of their disclosure settings.

Beyond the above disclosures, a well-built privacy policy will clearly explain what data will be collected, what will be done with that information, and who will have access to the details collected.

What Type of Data is Tracked by Your Website?

It is crucial to describe to visitors what data the website will collect. Typically, the data can be categorized as:

Personal Data

If your website is tracking names, phone numbers, email or physical addresses, and other personal details, disclose this information in the privacy policy. Additionally, explain what opt-outs exist and how opting out of data collection will affect your website’s user experience.


Cookies

Websites that utilize cookies are able to provide beneficial enhancements to the user experience for individual visitors or customers. Web browsers, however, can generally be configured to disable cookies, so your privacy policy should provide notice that cookies are active and that the visitor has the option to stop using cookies. It should also inform the user that certain site functions may not work optimally without cookies.

Analytical Usage Data 

Convey to the visitor that your website tracks usage data to streamline functionality. The privacy policy needs to disclose if your website is tracking IP addresses, particular browser usage, ISP data, and crash logs. Furthermore, it should inform the visitor that the time the site is accessed, and the length of the visit, will be recorded.

What are the Uses for Tracked Data?

Privacy policies should inform users what information they are sharing by using a website and what your company plans to do with their data.

Personal Information for Customer Service

Ecommerce websites should inform customers that their personal information, including addresses, will be used for order fulfillment. Even websites that are not directly selling goods or services may utilize personal information to ensure customer satisfaction. Inform visitors what data they are sharing if they participate in any surveys or feedback.

Participation in Marketing and Updates

A well-structured privacy policy will disclose that user information will be collected for future marketing campaigns or other updates regarding the website, products, or experiences. Provide an opt-out method in this section, as well.

Outside Contractors

In the course of routine website maintenance and upkeep, your company may contract with other service providers. The privacy policy should clarify that some user data may be shared with third-party contractors so that they can render effective services. A disclaimer of liability for anything that occurs once a visitor clicks on a third-party link or advertisement should also be present.

Will Visitors’ Data be Shared?

To make an informed decision about providing your website with personal and usage information, a user needs to be aware of the circumstances in which your website will share their data.

Selling Personal Information

If your company plans to collect data from its users to sell, rent, or lend information to outside parties for their own usage, disclose this fact in the privacy policy. Users need to have the option to avoid having their data sold.

External Third-Party Sharing

A user should be aware that their information and data may be shared for marketing, maintenance, or research purposes with external parties. These providers should share your commitment to data privacy, but it should be clear that your clients consent to share their data by continuing to use the website.

Internal Corporate Sharing

Your company may be part of a larger corporate structure with affiliates, parents, or subsidiaries. A privacy policy must disclose that your company may share data collected on this particular website with all of your related entities. 

Legal Disclosures

User data may need to be shared with authorities or regulators in order to comply with various laws or court orders. Additionally, as part of corporate restructuring, mergers, or acquisitions, personal information may be required to be disclosed to regulators. 

Why an Attorney Should Draft Your Privacy Policy

There may be seemingly handy privacy policy templates or a free privacy policy generator available online, but a lawyer can tailor a privacy policy to your individual needs. An attorney can also ensure your privacy policy complies with all relevant state and federal laws. As a business attorney myself, I often see the ugly results of an insufficient privacy policy, and they really, really aren’t pretty. 

A licensed, experienced local attorney will help your privacy policy avoid the pitfalls inherent in standardized templates. Mod Law Firm is happy to provide assistance in tailoring a privacy policy to your website’s needs. Schedule a consult with us here!
