One of the questions we hear the most from business owners is if we provide a “standard privacy policy template” for websites. It is great that business owners recognize the need for website legal documents, but most are still under-informed when it comes to website privacy policies.
Read on to learn the 7 things you should know about website privacy policies in order to protect yourself, your business, and your audience.
1. Your website NEEDS a privacy policy.
If you collect personal information from your website visitors, you need a Privacy Policy. Not only do these policies build trust with your audience and position your website as legitimate, many third-party services require that your site have a Privacy Policy. Your policy will govern the use of your website by visitors and how you collect and store information. It should also protect you by decreasing the likelihood of lawsuits or fines.
2. You Can be Held Liable for Violating Laws in OTHER Jurisdictions.
Some states and countries legally require website owners to have a Privacy Policy. Even if you do not live in one of those jurisdictions, you are still responsible for complying with laws where your visitors reside.
For example, if you collect data from European or California residents you’ll want to add the GDPR (E.U.’s General Data Protection Regulation) and CCPPA (California Consumer Privacy Protection Act) in your website privacy policy.
If you are a small or medium-sized enterprise, you may not have to comply with the CCPPA but it is important to explicitly outline why your business is not regulated by the Act. An experienced internet attorney can help you steer clear of government investigations for failing to comply with laws that you may not be familiar with.
3. Legal Form Generators: Buyer Beware.
You can readily find legal form generators online if you do not have the funds to pay an attorney for a custom privacy policy. However, buyer beware.
Because sometimes legal form generator software is unreliable or out-of-date. Even worse, there have been cases where the creators behind the legal form generators stole work that was created by another attorney (this is copyright infringement-and can lead to hundreds of thousands in damages).
4. Privacy Policies are Intellectual Property
Many business owners think they can simply copy and paste privacy policies from other websites.
This could land you in an expensive lawsuit because privacy policies are copyright protected. Intellectual property lawsuits can lead to fines of $150,000 per infringement: enough to destroy your business and personal financial situation.
5. Some Personal Information Requires Additional Protection.
Certain personal data, such as full names, credit card numbers, and home addresses are considered sensitive personal information (or personally identifiable information) and subject to stricter privacy regulations.
Even if you do not purposefully collect this type of information, it is possible an unsuspecting visitor may reveal personally identifiable information in blog comments or forum posts. You will want to be clear in your Privacy Policy that other visitors who read this type of information cannot abuse it or share without the owner’s express consent.
6. You Need to Address Laws that Protect Minors.
Even if minors are not your target audience, you need to address the privacy of minors who may stumble upon your website for the same reasons listed in #2. You can be held liable for privacy violations under COPPA (the Children’s Online Privacy Protection Act) even if your site is not intended for children.
That’s why it is important to clarify whether minors under the age of 18 should be using your site in your Privacy Statement (and elsewhere on your website). You should also put safeguards in place to ensure you’re not collecting data from minors.
7. Health industry websites (doctors, hospitals, clinics, etc.) require extra compliance.
If your website collects or deals with patient health information in any capacity, you need to make sure your Privacy Policy references and complies with HIPAA (the Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act). This is especially relevant if your website includes a Patient Portal!
Bottom Line: your website’s privacy policy is nothing to take lightly. You want to ensure you’re protecting yourself (and your site visitors) with a well-drafted website privacy statement that is tailored to your business’s needs.
If you have the funds, it is always worthwhile to get customized documents prepared by an experienced Internet lawyer. Our firm offers a Website Legal Protection Package for a flat fee where we’ll review your website, discuss your needs, and provide you with customized legal protection for your website.
