Why do I need a privacy policy?
If you are collecting any personally identifiable information (PII), a privacy policy is required by law. Namely, the following laws require a privacy policy. Namely, PII includes name, email, phone, physical address through a contact form, newsletter subscription, appointment booking, and e-commerce.
- California Consumer Privacy Act (CCPA)
- Nevada Revised Statutes Chapter 603A & SB220
- Delaware Online Privacy and Protection Act (DOPPA)
- Children’s Online Privacy Protection Act (COPPA)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- General Data Protection Regulation (GDPR)
Privacy policies can protect you against liability if there is a dispute about the way you gather personal information. Make sure that your policy is clear and easy to find on your site. A footer location is the standard.
In addition, a penality of $2500 for each consumer violation can be assessed in the United States.
What should a privacy policy say?
What data is collected
Tell the user not only what data you are collecting, but what data third party analytics is gathering. Be upfront about the “invisible data” that is being gathered like IP address, operating systems, and URL clickstreams
How data is collected and used
Include items that the user inputs AND data about the user’s behavior. The former may include contact forms, subscriber email, credit card information, and shopping cart contents. The latter may include bounce rates, number of return visits, ect.
How data is protected
List security plug-ins, hosting precautions, and analytic programs that you utilize. If your site is not intended for children under the age of 13, say so and discourage minors from sharing personal information.
What About Cookies?
Even if you don’t use cookies, all analytics programs do. Be transparent. Tell the user that cookies are data that your computer receives and collects when it visits a website. Cookies are stored in a file in your browser’s settings. This data is not altered by neither websites nor computers.
Describe how you use cookies and why.
In most cases, you will use cookies to obtain data to make your website easier to use and eliminate irrelevant information.
Identify the types of cookies used
There are basically three categories of cookies: session, tracking and authentication. Session cookies track data when a user is on the site and expires when the user clicks off the site. Tracking cookies will note what pages the user views over a period of time. Authentication cookies track if a user is logged in and under what name.
Explain the function of each cookie used
If you have written a program that collects cookie information, list the name of the cooke and its function. For example, the ‘_gid’ cookie is used to distinguish users using a client ID and expires after 24 hours.
If you are using a plug-in that has access to cookies, list the name of the plug-in and provide a link to the privacy and cookies policy.
Need additional guidance?
The link below shows examples of various companies meeting the different specific requirements of thorough privacy policies.