How often do you actually look at the roof of your house?
Probably never, unless it was just hit by lightning or it's leaking. But if your roof suddenly weren't there anymore, you'd notice it pretty quickly. Hmm, something's missing -- oh, THAT.
It's the same with website privacy policies.
Most of your site's visitors will never actually click on your privacy policy -- but that doesn't mean it's not important. Even if it goes unread, it’s one of the most essential parts of your website.
If you are collecting any sort of data from your visitors, whether explicitly through forms or implicitly through things like cookie tracking or analytics, you need to have a privacy policy in place. It’s not just a legal safeguard to ensure you’re compliant with an ever-growing body of laws like the California Online Privacy Protection Act or the EU General Data Protection Regulation (GDPR). It's also a key foundation for building visitor trust.
Your privacy policy should be easy to find and explicitly state the rights of your consumers. It needs to detail what data you collect, and what you do with that data. To comply with CCPA, your privacy policy should also indicate how a user can request their information be removed.
Don't Be Lazy -- or Overly Boring
Contrary to popular belief, it’s not enough to simply cut and paste someone else’s policy (something small businesses are tempted to do to save on time and/or legal fees). That's just lazy. Make a policy that is specific to your company's operations, and to be safe, include an attorney in creating this document.
Also take note that just because it's a legal document, that doesn't mean it has to be an "incomprehensible disaster," which most privacy policies are, according to a New York Times study.
The Times complimented the BBC's privacy policy for its simplicity. The policy reads in part:
We have to have a valid reason to use your personal information. It's called the ‘lawful basis for processing.’ Sometimes we might ask your permission to do things, like when you subscribe to an email. Other times, when you'd reasonably expect us to use your personal information, we don't ask your permission, but only when: the law says it's fine to use it, and it fits with the rights you have.
However simple or dense your privacy policy's language, you will probably want to make a number of boilerplate reassurances, such as:
- We do not sell your data;
- We do not share data unless compelled by law; and
- We only ask for personal information if it is needed to provide a service.
Build Your Policy Around Data Privacy -- and Stick to it
Anyone who uses the Internet is susceptible to potential data privacy issues today. Every move we make online can be tracked -- on your site and everywhere else.
If you’re planning on using any analytics tools or online advertising, companies like Google and Facebook require you to have a privacy policy in place to use their platforms.
While it might seem mundane and even harmless to store someone’s name and email address in your CRM when they fill out a form on your website, sometimes that’s all the information that a bad actor needs to wreak havoc in the event of a data breach.
Everything you communicate to your visitors about how your business operates should tell them that they are in trusted hands. Your privacy policy is one of your first and best opportunities to provide this assurance.