Your Website Needs a Privacy Policy

You’re likely not an expert on European internet privacy laws, but you may have noticed your inbox flooded with Privacy Policy updates from nearly every organization you’ve ever interacted with online. It’s no coincidence. On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) comes into effect. The New York Times calls it “some of the toughest online privacy rules in the world.” So if your business or organization interacts with individuals in any of the 28 countries in the Eurozone, then by law you need to ensure your online Privacy Policies and practices are up-to-date and compliant with these regulations. But even if your organization only does business in the United States, there are still plenty of good reasons (and laws) to have an up-to-date Privacy Policy.

A Privacy Policy is a legal agreement in which your organization discloses what data you’re collecting and how you’re using it. In the U.S. there are several laws that regulate data privacy (The Americans with Disabilities Act, The Cable Communications Policy Act of 1984, Electronic Communications Privacy Act of 1986, The Computer Security Act of 1997, etc.), and state law in California (CalOPPA) requires website Privacy Policies for organizations collecting personal, identifiable information on California residents.

In addition to laws, the terms of service for many commonly-used website tools require Privacy Policies to be posted when using those services. For example, Google Analytics, a service that allows websites to monitor and analyze website traffic, says in its Terms of Service, in part: “You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data.”

With all this in mind it should be clear that your website needs a Privacy Policy, and it’s surprising to me that in 2018 I still see so many websites without them (which, admittedly, included this website until recently). I can’t tell you exactly what your website’s Privacy Policy needs to say because I’m not your website manager or your lawyer, but here are some good first steps to help you figure it out.

Writing your website’s Privacy Policy requires first that you understand all the data you’re collecting and how you’re using, storing, and protecting it. Create a list of all the services you’re using to monitor, optimize, display content, and advertise on your website. Examine your digital security procedures and protocols (it’s good to do this periodically anyway). Make sure you do a comprehensive analysis including an examination of your data storage methods, marketing, legal, and any other departments or services that use or manage your website.

Next, read the Privacy Policies of organizations you know and trust – it’s not exactly like reading a thrilling novel, but it will help you figure out commonly used standards. There are plenty of Privacy Policies that are dense legal documents, but Privacy Policies should be easy to understand and written at a 9th grade reading level. The Kimmel Center for the Performing Arts is an example of a simple, concise Privacy Policy.

Best practices:

  • Make it easy to understand – avoid complex and vague statements
  • Include the date the Privacy Policy was last updated
  • Provide contact information
  • Don’t just write a policy – take real steps to protect and respect users’ data and privacy
  • Never guarantee absolute security – no system is perfect

The tips outlined here are mainly intended to be helpful for individuals and small organizations in the U.S. Creating a privacy policy can go hand-in-hand with better understanding and successfully managing your website. If you have more questions there are plenty of online resources for generating and updating Privacy Policies, and if you’re able to consult a lawyer and/or IT professional you should do so.

Although this is just a personal website that isn’t selling anything, I have, in the interest of transparency, written and posted a Privacy Policy. I hope you’ve found this helpful, and please contact me if you have any questions or comments on how to improve it.
