Privacy Policy: What It Is & When You Need One

Michelle Ma
August 30, 2024

You’ve undoubtedly seen privacy policies on websites you’ve visited or apps you’ve downloaded. Privacy Policies or Privacy Notices are legal contracts between users of a service (website, app, etc.) and the providing company. In today’s post, I discuss what you’ll find in a Privacy Policy and when you need to have one in place. 

What’s In a Privacy Policy

  • What information you collect. It’s a good idea to list out all the types of information you collect and how it’s collected, such as filling out a form, purchasing a product or service, etc.
  • Purposes for collecting the information. These often include improving the website or app, improving the product offering or service, understanding the target customer better, or, more recently, training AI models on customer data (if the data is so used). Often, it’s a combination of a few things.
  • What your company will do with that information, including with whom you share that information. List out all the ways your company intends to use this information, such as sharing with certain third-party vendors and complying with law enforcement agencies, as well as how the data is stored, how long it’s stored, and how it’s kept safe.
  • An opt-out policy. Under certain laws (such as the CCPA and GDPR), customers have the right to request that the company delete their information and to opt out of the sale of their personal information. Having an email or other channel through which customers can reach you to opt out is critical.

When To Post a Privacy Policy 

While no federal laws directly require a privacy policy, many federal laws do regulate data privacy, and many state laws require privacy policies for certain businesses. Additionally, many laws outside the US, such as the GDPR, require disclosure as to data collection, processing, and a consumer’s right to deletion. 

You’ll need to get a Privacy Policy online any time you are collecting personal information from your users, whether via an app or website. Personal information includes: name, address, email, phone number, and payment information. Additionally, some anonymous data, such as tracking data, can be linked to an individual via other information. Many laws protect these types of information as well. In addition to complying with legal requirements, having a Privacy Policy is important for building a reliable brand that consumers will trust and use. Usually, Privacy Policies are referenced in online Terms of Service or Terms and Conditions, and are also agreed to via click-through.

Getting a Privacy Policy Implemented and Keeping it Updated

A commercial or privacy attorney can work with your business to understand your data collection practices and help you draft a compliant Privacy Policy. It’s a good idea to update your Terms and Privacy Policy once a year, or any time there are major product changes or your data collection practices have evolved.