Does My Website Need a Privacy Policy?

Does my website need a privacy policy?

You have likely just encountered a situation where you may need to install a privacy policy on your website. Maybe you’re running Facebook ads or setting up a funnel to collect email addresses. So, what exactly does a privacy policy mean, anyways?

Installing a privacy policy on your website is not as complicated as it sounds. In fact, the privacy policy process is pretty simple these days. The complicated part is the many different privacy acts and rules that are out there that all depend on your geographical location.

Privacy is something many people expect to have, but until very recently, it isn’t something we truly have a “right” to. With the dawn of the internet age, privacy seems to become more and more obsolete. But recent law changes are pushing the privacy needle more towards being a right, depending on where you live.

In this blog we’ll talk about online privacy specifically in English speaking countries and help you decide if your business needs a privacy policy. Let’s start with a quick run-down of the privacy laws in different countries.

Laws

In Europe they have the GDPR (General Data Protection Regulation), which applies to EU (European Union) citizens and organizations doing business within EU member states. To throw in some not-so-fun challenges, each member state generally has their own separate exceptions and regional guidelines.

In Canada they have PIPEDA (Personal Information Protection and Electronic Documents Act)

In the UK (United Kingdom)  they have the DPA (Data Protection Act). This was an offshoot of the GDPR until Brexit happened.

Australia has the APP (Australian Privacy Principles).

In New Zealand they also have “principles” under the Privacy Act.

The United States has The 1974 US Privacy Act, which really only applies to Government agencies. However, three states have either enacted or passed a more stringent privacy policy. The biggest concern for most companies would be the state of California and its two laws: CalOPPA and CCPA. Nevada and Maine also have their own privacy laws now as well.

Who has the right to privacy?

Typically, it’s a person living in the state, province or country that has the act. Sometimes, it also applies to people passing through these regions as well.

Who has a duty to keep a privacy policy?

Typically, it’s a person or organization that owns a website or software that tracks any personal information. Different countries call these organizations different names from “businesses” to “organizations” to “data collectors”. Basically, if you are tracking people on your website or around the web, it means you.

What are the consequences of not having a privacy policy?

Usually, a privacy violation is a slap on the wrist for most countries if you make a mistake the first time. The person who feels their privacy has been violated has to first complain to the company that violated and/or breached their privacy and see what they’re going to do about it.

If you continue just sharing people’s personal information all over the internet after they asked you to politely stop, you can get hit with fines ranging from $5,000 (US on the low end) to $10,000,000 (or greater in Australia – usually only if you’re a big business). Usually though, the fine makes the business responsible for any financial losses an individual suffered as a result of you breaking their privacy.

What should you do now?

Review the privacy laws in your state/country/province and then make a privacy policy that makes sense for you. There are several privacy policy generators out there. Use a tool that creates one, then either add to your website yourself, or send it to your dedicated web developer to add. Developers often place it in the website footer, but you also need to make sure it shows anywhere you are requesting personal information. The bottom line is, you cannot run a Facebook lead ad without having said privacy policy on your site. 

Join the Backcourt Newsletter for more digital marketing tips and resources.