If your website collects any type of personal information from the user, even if it is data obtained passively without the user actually submitting it to you, you should have a privacy policy on the site. Depending on your business and target customers, this may be required by law as covered under multiple federal and international regulations that are designed to protect the privacy and sensitive data of internet consumers.
What Should My Privacy Policy Do?
Your Privacy Policy should clearly convey for what you are using any personal data or tracking data gathered through the site. Are you asking for electronic newsletter sign-ups? Then you’ll need to explain how often you’ll be mailing that newsletter and what the recipient should expect. Are you asking for a physical mailing address to send a free sample? Again, you’ll need to clearly explain how that process will work once personal data is turned over to your company.
What Information Should Be Included?
A comprehensive Privacy Policy needs to clearly identify the data that is being collected from the user, whether it’s an email address or usernames and passwords for third-party sites. Your Privacy Policy should also outline what other information your company may have access to once they collect any data, such as the ability to access personal profiles on social media sites or data about browsing habits.
It’s also important to tell users how you plan to use any personal information that’s collected from them. Is it for internal use only? Do you plan to share, rent, or sell that data? Will you use the data to communicate with the user in a specific way? You must be transparent about how information is being used so that browsers can make an informed decision when choosing to interact with your website. Clear disclosure is also for your own protection so that you have concrete evidence in case of being sued or accused of misusing personal data by a consumer in the future.
Don’t Forget the Children’s Online Privacy Protection Act
Even if your website is in no way specifically geared toward children, you must still have language on your site that is compliant with the Children’s Online Privacy Protection Act (COPPA) in the event a user under the age of 13 accesses your website and attempts to provide personal information. Your Privacy Policy must make clear that your website is not intended for children under 13 and does not knowingly or intentionally collect data from anyone in this age group.
If children or teenagers are your company’s target market, a more comprehensive Privacy Policy must be created, and parental permission may ultimately be required in order to collect the data you are seeking.
Additional Privacy Policy Considerations
 While a Privacy Policy may not be the most exciting feature of your website, your attorney should tell you it’s one of the most important. Making sure that you are transparently disclosing the way data is being collected, used, and eventually disposed of, in the event that the company is sold or dissolved can save you from angry users, online backlash, and even lawsuits if a problem arises with your company’s data collection practices down the road. And of course, ultimately and obviously, it is most important that you make sure your company is following the privacy policy posted.
If you’re not confident that the privacy policy on your website covers all the bases we mentioned in this blog post, we’d be happy to review what you have or help you create a more comprehensive privacy policy that provides you with protection and peace of mind. To schedule an appointment in person or via video conference, call our office at 888-666-0062.
 
DISCLAIMER: The information contained in this article is for informational purposes only and is not legal advice or a substitute for obtaining legal advice from