Sooner or later, website owners turn their thoughts to drafting a privacy policy. All the big sites seem to have them and they seem pretty straightforward, but what are they really? What should site owners think about when drafting a privacy policy? The answer varies and can be very personal.
What Does A Privacy Policy Do?
Very simply, a privacy policy tells site users how the site owner will use the information that they provide.
It’s often a judgment call as to when drafting a privacy policy makes the most sense; it can be a personal decision. If you are collecting personal information from your site users, it’s time to think about a privacy policy. Many states require that websites serving their residents have a privacy policy posted (for instance, see the California Online Privacy Protection Act, aka CalOPPA). Laws like CalOPPA have certain requirements for posted privacy policies.
So, drafting a privacy policy means protecting personal information like email addresses, addresses, social security numbers, etc. by telling users how a site owner will protect, use and share the information that the users provide.
What Goes Into Drafting A Privacy Policy?
The first thing to understand about drafting a privacy policy is that it’s personal. Personal to your website and how you do business. Even though privacy policy generators can be useful and have their role, they often have gaps (in fact, if you read the terms and conditions of many privacy policy generators, they specifically say that the user should hire an attorney and not rely solely on the document). But most crucially, a site owner needs to understand what’s in their site’s policy and make sure to comply with it.
It creates legal liability to have a privacy policy and not comply with it. That’s beyond any liability that might come from not having one at all. Government authorities like the Federal Trade Commission tend to have a negative outlook on site owners who don’t comply with their own privacy policies.
So, when drafting a privacy policy, it’s important for a site owner to discuss with their attorney the specifics of how they will use and handle their users’ information. This process will help to uncover areas that may not have been considered (for instance, how information is provided to third-party services such as Google Adwords or credit card processors). This will involve a somewhat personal, but very valuable, conversation about how a site currently uses information and how that information will be used in the future.
Although there are a number of things that pretty much all privacy policies have in common, it’s the tailoring of the privacy policy that truly matters. By having a well-crafted privacy policy, site owners can design their business to avoid unnecessary and costly legal disputes down the road.
Get in touch if you have more questions about drafting a privacy policy.