Is Your Website’s Privacy Policy Adequate?

Assessing Your Website

Does your business have a website? If not, you really should read this article. If so, does your website collect information? Does your website have a place for shopping, a contact form or something similar? If you do, it might be time to consider your website’s privacy policy.

Digital Privacy

Personally identifiable information (“PII”) is any information that could be used to identify, contact, or locate an individual. For example: names, addresses, email addresses, phone numbers, social security numbers, or any other identifier that would permit someone to contact an specific person physically or online.  If your website that collects PII, it should have a privacy policy.  But why are privacy policies required, and what should they say?

The United States has no unified set of laws regulating privacy.  Instead, privacy “requirements” derive from a hodgepodge of state and federal laws.  This list gets longer when one considers the privacy laws of other countries that may apply.  And, even if none of the myriad of privacy laws applies to your site, having a privacy policy can make users more comfortable with using your site.

Getting Your Privacy Policy

So what should your privacy policy say?  A good one should:

• Identify the types of PII your site collects
• Identify any third parties that receive or have access to PII from your site
• Describe the way PII is used
• Describe how your site protects PII
• Explain how users can change or delete their PII
• Explain how users will be notified of any changes to the privacy policy; and
• State the effective date of the policy.

Many of these topics are required by individual state statutes.  The most well-known statute, is California’s.  And since you can be sure your site will have users from California, your privacy policy should be designed to meet California’s requirements.

It may sound obvious, but make sure that everything in your privacy policy is true. Do not simply copy another site’s policy- write your own tailored to your website in light of the various laws that may apply. Some states have statutes prohibiting knowingly making false or misleading statements in a website privacy policy. Depending on the state, making false statements may run afoul of unfair trade practice statutes or common law misrepresentation.  Regardless of which law applies, you do not want find yourself having to explain why your policy says that no PII is shared when in fact you sell PII to third parties.

Other Considerations for your Privacy Policy

Don’t forget to identify third parties in your privacy policy.  For example, many sites use Google Analytics, but hardly any sites disclose this in their privacy policies. This can get dicey, especially since Google’s terms and services require this disclosure.  Similarly, if you use a third-party payment processor, your privacy policy should inform users that their PII is being shared with the payment processor.  Website operators should look carefully at what services they rely on to identify any third party PII-sharing that should be disclosed.

Another important topic applicable to some sites is the Children’s Online Privacy Protection Act, or “COPPA.”  The primary goal of COPPA is to place parents in control over what information is collected from their young children online. COPPA applies to websites targeted at children under 13 years old or websites with actual knowledge that some users are under the age of 13.  These websites must comply with additional requirements designed to protect children.  Many websites seek to avoid COPPA by prohibiting users under the age of 13, and by including privacy policy provisions stating that any PII for children under 13 inadvertently collected will be deleted.

Privacy policies are an important piece of the puzzle in protecting your customers and your business on the internet.  It should be carefully crafted to your site and needs.  If you need help, don’t hesitate to contact us.

Law 4 Small Business, P.C. (L4SB). A little law now can save a lot later.