  • kliebertlawfirm

What You Need to Know About Privacy Policies

At Kliebert Law, we get lots of questions about website privacy policies. Confusion abounds among business owners in this area, and we’d like to set the record straight. So, without further ado, let’s discuss some frequently asked questions about privacy policies.

What is a privacy policy?

What a great place to start! Most commonly, the phrase “privacy policy” (or “privacy notice”) refers to a document on a website or mobile application that explains how the business operating the website or app collects and uses the personal information of its users. It can also refer to a business’s internal policies for the collection and use of personal information obtained from other sources, such as employee files. Today we’ll focus on website and mobile app privacy policies.

Do I need a privacy policy?

Probably so. In certain countries and geographic areas (such as California and the European Union), the law requires any website or mobile app that collects personal information to provide its users with its privacy policies. “Personal information” is a broad term that includes things such as names, email addresses, and IP addresses. Even if your company is not based in a state that requires privacy policies, the laws of other states or countries may apply to you if you target customers there or collect information about people who live there. Further, popular advertising and analytical services (like Google Analytics and Facebook) require anyone using their services to have a privacy policy disclosing the information that will be collected and how it will be used.

“Consumers expect all businesses – from brick-and-mortar Mom-and-Pops to innovative tech giants – to live up to their privacy and security promises whether they store consumers’ personal information on their own systems or in third-party cloud services. There are no exceptions.”


Can’t I just copy and paste a privacy policy from another website?

No. A good privacy policy accurately reflects how your company collects and uses information. Since data collection practices can vary significantly from company to company, there is no “one-size-fits-all” privacy policy. Privacy policies are legal documents that can cause headaches for your business if not handled properly. In some circumstances, courts have found privacy policies to be binding contracts between a business and its customers, allowing the business to be sued for not living up to promises made to safeguard customer information. Similarly, state and federal regulatory agencies have fined companies billions of dollars for misrepresenting their data collection and use practices in their privacy policies.

How often should I update my privacy policy?

Your privacy policy should be updated any time your business changes the way it uses and collects personal information. Common examples are the implementation of a new online advertising campaign or email newsletter. Even if no major changes are made to your practices, it’s prudent to review your privacy policy on a periodic basis to make sure the information contained in it remains accurate and up-to-date. Once a year is great. Every six months is better.


