Today, it is common for businesses to use a website to advertise to potential customers in their market. If you have ever signed up for a business’s newsletter, or made an appointment online, you probably clicked the box to agree to that business’s privacy policy, whether or not you actually read it. As a business, however, failing to have a well-crafted privacy policy can put you at odds with the law. Privacy policies are required by law in the United States, even if the only information you collect is for data analytics.
Requirements of a Privacy Policy
To be legal in the United States, a privacy policy must include:
What data you collect
How you collect data
Why you collect data
How users can opt-out
How you will protect the data you collect — including how long you will keep it and what happens if your business transfers ownership.
It should also be very clear who you are — your business name and contact information should be readily available.
If your clients are in California, your policy must comply with the California Online Privacy Protection Act of 2003 as well.
What Data?
Personal data includes the user’s name, email, birthday, location, financial information, social security number, and IP Address. Some of this information you might ask for directly, such as through a newsletter sign-up. Some of it is collected for you by your website as cookies or third-party vendors, like Google Analytics (who also require privacy policies).
Acknowledgement
It is important to get customer consent . Whenever you ask for data from your user, such as signing up for a newsletter or entering their information at checkout, be sure to have them acknowledge that they have read and understood the privacy policy.
Creating a privacy policy can be intimidating. Van Pelt Law can help. Set up an appointment today.