Does your website have a privacy policy in place? Privacy policies are statements, usually on their own page of your website, that documents how…
Does your website have a privacy policy in place? Privacy policies are statements, usually on their own page of your website, that documents how your business handles and processes the personally identifiable information (PII data) of your customers and web visitors. If your privacy policy isn’t detailed enough to warrant its own web page, it probably isn’t detailed enough.
Privacy policies show customers that they can trust a brand and give them peace of mind when purchasing or interacting with a brand. A comprehensive policy also gives your team peace of mind, making it less likely to get a “surprise complaint” from a customer or be hit with a costly lawsuit.
Data privacy is an incredibly important topic to businesses and consumers around the world. Privacy policies are a legal requirement in many countries but at the heart of the demand for increased data privacy and privacy policies are consumers. Consumers want to know how their data will be used and if you’re taking proper precautions to protect it because they know that their data is at risk.
Let’s dive into the data on data privacy:
These numbers show a concerning trend of increased data breaches and personal information stored by companies. It also shows that US consumers are aware and concerned about the risk of your business collecting and storing their data.
The GDPR and some US state regulations require organizations to publish a privacy policy.
Here are state regulations that regulate data privacy:
California – CCPA, and CalOPPA
Nevada – SB260
Vermont – SB110
Delaware – Delaware Online Privacy and Protection Act
Virginia – Consumer Data Protection Act
Colorado – Consumer Data Protection Laws
According to Unite.AI, 97% of EU websites do NOT meet the standards established by the GDPR. The potential legal ramifications make it critically important that this element of your site is comprehensive and routinely updated. If you don’t have experience writing legal policies or have an in-house legal team, we recommend creating a first draft with a privacy policy generator and having a legal expert review the document.
If your website uses newsletter sign-up forms, contact us forms, cookies, tracking technologies, or collects data during customer service interactions, you need a privacy policy! Here is what you should include.
Provide relevant contact details for your business. This includes your business name, address, and contact methods (phone, chat, email, etc.). Even if this wasn’t a legal requirement, it’s best to include this information. Making this information easily accessible reduces customer frustration when they have a question or complaint.
It’s vital that your privacy policy details the exact information you will collect. Types of information you may collect are personal data, technical information, and data related to a website visit.
PII data that you specifically need to disclose the collection of and protect include names, birthdays, email addresses, phone numbers, postal addresses, purchase activity, IP addresses, payment details, social security numbers, and more.
Technical information that you might collect includes device type, unique device identifier, IP address, browser used, time zone and location the website was accessed from, browser plug-ins used, operating system, and more.
The website visit data you may collect and need to disclose reads like a Google Analytics dashboard. Here are a few examples: URL, date and time a web page was accessed, pages viewed by a web visitor, page response times, download errors, visit duration for specific pages, page interaction information, etc.
You need to disclose whether you are storing data manually or electronically and ensure users that the method you have chosen was carefully vetted. Obviously, the transmission of information via the internet is not completely secure, so you will want to include a disclaimer about the potential risk.
It’s vital to include how your data is used and if you will be sharing any of this information with a third-party service provider. Some companies sell user information. If this is the case, you will need to disclose this in your policy and familiarize yourself with relevant legislation. The California Consumer Privacy Act (that went into effect 1/1/20) empowered California citizens to opt out of data selling. Although it’s only law in California, some companies have decided to proactively give users this option. If you don’t sell customer data (and have no plans to) you may as well include that you don’t sell customer data in your policy. If you do sell customer data, we recommend preparing your business for increased regulation.
This section of your privacy policy should also address professional service companies (like marketing agencies) who will use data for marketing purposes. If you use customer information for shipping you need to disclose this in this section as well.
Additionally, list the third-party apps that have access to customer data. This may include analytics tools (Google Analytics), tools used for advertising purposes (Google Adwords, social media platforms, etc.), email software (Mailchimp, ActiveCampaign, etc.), and payment processing tools (Stripe, Square, etc.).
Before bringing a professional service business or third-party tool into the fold and granting them access to your data, you will want to ensure that they can be trusted with user data.
Just like with any other page of your website, you want your privacy policy to be well designed and accessible. You can have the best privacy policy in place but it won’t be much use if your customers can’t navigate to it. First and foremost, anybody visiting your website needs to be able to easily find your privacy policy. It’s usually located in the website footer.
Last but not least, you may want to include a glossary or links to external resources about terms used in your privacy policy. Legislation related to data privacy often mentions a need for the policy to be easily understood. Linking to external resources and including a glossary helps your team satisfy this requirement.
It’s easy to forget about your privacy policy when you are creating a new website or even when you’re redesigning/updating your website. Even if you already have a privacy policy, it’s easy to forget to keep it updated. But it’s the responsibility of your business to make sure policies are in place and regulations related to data privacy are followed. If you’re facing lawsuits or governmental requests after a data breach, you will need to prove that proper precautions were taken.
There are many changes that you could make that would affect your privacy policy. For example, you may use a new payment processor to manage the payments that you receive. You could choose to utilize a new email marketing service or set up analytics on your website. For all of these options, you’d need to let your visitors know how their data will be used, managed, and stored. All that being said, make sure your privacy policy evolves with your business and notify your customers of any changes you make.
We want to close this blog post with a few quotes from two guys you might have heard of.
“Privacy means people know what they’re signing up for, in plain English and repeatedly. I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data.” – Steve Jobs, Apple Co-founder
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it. – Tim Cook, CEO of Apple
Copyright © 2017-2024 · Carbon Digital · All Rights Reserved.
