As technology allows us to communicate with one another from anywhere, at any time, balancing accessibility and privacy becomes more and more difficult.
From Europe’s General Data Protection Regulation (GDPR) to California’s Consumer Privacy Act, governments continue to pass new regulations designed to protect our personal information. Privacy concerns have serious implications for your business, and your privacy policy – if you have one – can offer key protections for both consumers and you. So here are 5 key questions you need to ask — and answer – as you create it.
1. Do I need a privacy policy?
Yes. You might think you don’t need a privacy policy because your site doesn’t require a visitor to fill out an information form, create a profile, etc., BUT private data is not what you think it is! Depending on where you are, IP data collected about your visitors may be considered private data. Check the law governing your jurisdiction. Also, if you use any third-party analytics provider, their terms and conditions may require you to have a privacy policy. (Analytics software can be very invasive, especially if they use cookies!)
2. What information should I have in my privacy policy?
Your privacy policy should answer the following questions:
- Who owns the site? You should disclose your company/individual ownership.
- What information am I collecting? This should detail everything — from IP-address-only all the way through the detailed data form for a user subscription. Again, don’t forget to disclose analytics!
- Who else gets this data? You HAVE to disclose the methods that third parties use to get the data, not just who they are. Don’t forget to mention cookies and other apps that may be installed on the user’s machine.
- Can the viewer refuse to allow data collection? The viewer may want to see what information is collected, block their data, or want assurance that the data is deleted when they leave the site. Depending on where you are, you might legally have to offer some or all of these options.
- How will you notify users of changes?
- What is the effective date of the policy?
3. Can my privacy policy just be a little link at the bottom of the page?
No. Lisa Miklojachak wrote an excellent article on this topic, If Everyone is Special, No One Is.
4. Should I “lawyer up” to write my privacy policy?
It really depends on what you are doing on your site. Most sites can use a template or a free policy generator, or use another site for inspiration. If you are aggressively collecting data, though, you might want a legal review to keep you out of trouble. Some jurisdictions are very strict. Regardless, you should be able to explain your privacy policy to your grandmother. Keep it simple, clear, and easy to understand!
5. Do I need a liability disclaimer?
Yes. Having a Limited Liability disclaimer or forming your business as a Limited Liability Company (LLC) is the best way to protect your personal assets if a liability claim and/or lawsuit arises in relation to your website. Check your jurisdiction to see which option is the better choice.
My personal favorite disclaimer comes from the book Good Omens by Terry Pratchett and Neil Gaiman:
“This product is provided without warranty of any kind as to reliability, accuracy, existence or otherwise or fitness for any particular purpose and the manufacturer specifically does not warrant, guarantee, imply or make any representations as to its merchantability for any particular purpose and furthermore shall have no liability for or responsibility to you or any other person, entity or deity with respect of any loss or damage whatsoever caused by this upgrade, device or object or by any attempts to destroy it by hammering it against a wall or dropping it into a deep well or any other means whatsoever and moreover asserts that you indicate your acceptance of this agreement or any other agreement that may be substituted at any time by coming within five miles of the product or observing it through large telescopes or by any other means because you are such an easily cowed moron who will happily accept arrogant and unilateral conditions on a piece of highly priced garbage that you would not dream of accepting on a bag of dog biscuits and is used solely at your own risk.”