Privacy Policy 101: What Every Website Owner Should Know

Visitor Data Retention and Privacy

website data retention and visitor privacyQ: How long should I retain visitor data I capture on my site?

A: The answer depends upon applicable law, the type of data collected, and your relationship with the visitor. For example, there’s certain information you’ll want to have that a customer provides you if there’s ever a breach of contract lawsuit regarding goods or services you provided.

The statute of limitations for bringing such a lawsuit may make it necessary for you to keep that information longer than you otherwise would if the same data was supplied to you by a visitor who is not a customer.

The key here (particularly with PII), is to keep the information only as long as you really need it.

Regardless of what you do, your site’s privacy policy should be clear and consistent with how your data retention actually works.

Information Security Risks

data security and hackingQ: Why not keep the data forever just in case you might need it someday?

A: The longer you keep such information, the greater the risk hackers or a government agency spying online will access and misuse the data. Keep it as long as needed for legitimate business and legal reasons but no longer.

You should also point out the inevitable risk of such hacking and spying in your privacy policy, how you attempt to protect data (without providing too much detail that actually enables hacking), and let the visitor make an informed decision on what information to provide you via your site with full knowledge of these dangers…

Author Mike Young, Esq.

Internet Lawyer Mike Young provides contracts and other efficient legal solutions to business owners and C-level executives of privately held companies. To get legal advice from Mike, click here to set up your phone consultation with him.

More posts by Mike Young, Esq.