
In most countries, including the United States, it is required to have a Privacy Policy clearly shown on your website if you collect personal information. Personal information, which is often collected via a contact form, includes names, addresses, phone numbers, email addresses, and dates of birth. Your privacy policy states what you, as the website owner or administrator, do with this information. The statement includes the types of information collected (personal, IP address, location, etc.), why you are collecting the information, where and how you store the data and the security you have, who sees the data, third-party involvement, data transfers, and the use of cookies.

Other instances where information may be collected include: Google Analytics, cookies, email newsletters, and comments on blog posts.

What is generally in a Privacy Policy?

  1. Informs the user of the data you are collecting and for how long.
  2. Location, security procedures, and access to the data.
  3. Procedure for requesting the data collected.
  4. Contact information for questions regarding the policy.
  5. An opt-out notice for users — especially for GDPR.

As an example, here is a link to the Privacy Policy of Silphium Design.

Information gathered about you

Other than the information gleaned from the above sources, some information is gathered without input from the user. Types of information that may be gathered without your knowledge can include IP addresses, browser type, computer system information, operating system (OS) used, computer processing unit (CPU), and download speed.

Overview of Requirements

United States Privacy Policy Requirements

  1. CalOPPA (California Online Privacy Protection Act – 2018): This law covers California citizens and is considered the most comprehensive privacy law in the United States. It essentially makes these policies a requirement throughout the US due to the possibility of a California citizen using your website. In a nutshell, the law states that you must have a clearly posted and understandable privacy policy on the website in a conspicuous location such as a footer.
  2. CCPA (California Consumer Privacy Act – 2018): While CalOPPA is directed generally at websites, this law also covers websites and requires that businesses disclose the data collected on or offline upon request. The disclosure should be covered in any privacy policy.
  3. Other State Laws: DE, NV, OR: All of these states require the operators of websites to post a privacy policy disclosing the information collected. Virginia also has a law, but it covers businesses that have the data of at least 100,000 consumers or do 50% of their business in Virginia.
  4. Federal Trade Commission (FTC): The Federal Trade Commission also has regulations regarding privacy policies, but it is centered more on the implementation of the policy through deceptive trade practices.
  5. COPPA (Children’s Online Privacy Protection Act): This regulation is intended for those websites that are geared to children under the age of 13 or that know that children under 13 are using it. Like the other rules, it requires a statement regarding the collection and use of the data.
  6. HIPAA (Health Insurance Portability and Accountability Act): This act deals with health-related information and is similar to the others, just in a medical sense.

Requirements around the World

  1. GDPR (General Data Protection Regulation – 2018): Requires a privacy policy of all companies that collect personal information on people located in the European Union (EU). Under this regulation, users must be informed of their eight rights under the GDPR. Remember, even though this regulation is in Europe, your website travels throughout the world, and it is possible that a citizen of the EU may use your site.

Third-Party Requirements

Some third-party websites, such as Google, Amazon, and affiliates, require a policy to be posted in order to comply with their own requirements and policies. If you apply for Google AdWords, for instance, you will be required to have a policy posted on your own website.

It helps to be transparent

Another reason to have a Privacy Policy, beyond the rules and regulations, is that it is generally expected by the users of the website. More and more people are concerned about their data and want to know what is being collected, how it is used, who sees it, and whether there is sharing of the data beyond the website. The more transparent you are, the more your users can trust you to do the right thing when it comes to the use of their information and data.

Links of Interest

ClickClickClick: This website shows in real time the information that is collected about you as you go about a website.

Requirements for Privacy Policies: This lawyer’s website gives a good overview of privacy policy requirements.
