Does your website have:
- Google Analytics installed?
- A contact form?
- Comments enabled?
- A form to collect email addresses?
Then you are collecting information about visitors to your website and should have a privacy policy.
The goal is transparency
I’m a big fan of keeping the public policy of laws in the back of my mind as I try to understand why the laws are the way they are. The public policy behind privacy policies is centered on protecting consumers.
So as you are drafting your privacy policy, put yourself in the shoes of your visitors. If you were them, what would you want to know about how you are tracking and identifying them?
What should you include?
Your privacy policy should clearly lay out:
- Who is collecting the information (e.g. you are collecting it or Google/Facebook is collecting it on your behalf)
- What data is being collected
- How you are using this information
- If you share this information with anyone else
- If the data is aggregated so you can’t identify any individual user
How to opt in/out
You should give your visitors a way to let you know if they don’t want their data collected and used. From the website owner’s standpoint, it’s usually easier to implement an “opt-out” policy, which requires consumers to let you know if they don’t want their data collected, rather than an “opt-in” policy. Either way, you should let visitors know the process.
Access to data
Since you’ve got data on consumers, you need to let them know how they can review the information you’ve collected that’s specifically identifiable to them (rather than data that’s only identifiable in the aggregate).
- Who do they address their request to, and what email/mailing address do they send it to?
- How long will it take you to provide a response?
- Will they need to pay anything to cover the costs of researching and gathering the data?
Security
If you are collecting and storing sensitive identifiable data that hackers might want to get at (e.g. credit card numbers) then you should have security measures in place to store and dispose of that data when it’s no longer needed.
Date
The easiest part of the privacy policy is the date the policy was posted or last updated.
Updates
Like we discussed with terms of service, you should outline to users the process that will occur when you want to update the privacy policy.
Word of warning: kids
If you know that you have a young audience, then you need to comply with laws surrounding the collection and storage of data on children under the age of 13. This requires the consent of the parents to collect data and parents must be able to review the data and revoke permission at any time. These laws are strict, so you should research this area if your site caters to children.
Follow your policy
Where most businesses get in trouble is not the absence of a privacy policy, but not following the policy they’ve laid out. So once you’ve got your privacy policy drafted, you must make sure that you follow it.
You should also regularly review your policy to make sure that it still outlines all the data you are collecting and matches up with what you are doing.
Logistics
You should have a link to your privacy policy (and terms of service if they aren’t combined) in the footer of your website. It should appear on at least your home page, but ideally on every page.
So take your mind-map back out, think about all the areas of your site that collect user data, and add these as areas to cover in your combined terms of service and privacy policy.
Let me know in the comments below what types of data you collect and what you want to cover in your privacy policy.
**Privacy policies are one of those areas of law that are in flux and require understanding a host of local, state, federal, and international laws. So it’s one of those areas that is often worth investing in getting done right by an expert. That being said, if you don’t have the cash flow to invest in having an expert draft one for you, don’t steal a privacy policy from some other website thinking it will cover your butt, because you don’t know (a) who created it and if it was done right or (b) what information they are collecting about visitors and if it matches up with what you are doing.**