Privacy policies contain the official practices of a company website, including:
- Data collection
- The company and website name
- The terms of service
- A description of the personal information gathered by the website
- The terms and conditions
- References to the GDPR and CCPA
- The method of collection of personal information and data processing
- Storage of the personal information and the extent the information is secure
- The intended usage of the business to use the personal information
- The way online users can request a rectification or check their personal information
- The frequency in which policies are updated (i.e., once a year, etc.)
- The complaint filing process for consumers
- The storage of cookies
Laws may also force companies to adopt policies with increased transparency and inform users on how they can exclude their personal data from being collected.
- General Data Protection Regulation (GDPR). The GDPR is a regulation from the European Union (EU) that protects the personal data of EU citizens, regardless of whether the business has a presence in the region.
- California Consumer Privacy Act (CCPA). The CCPA established the California Privacy Protection Agency. The act allows Californians to know what personal data is being collected about them and say no to the sale of personal data.
- California Online Privacy Protection Act (CalOPPA). CalOPPA requires commercial websites with users using internet services in California to post their privacy policies on their websites.
- Children’s Online Privacy Protection Rule (COPPA). A U.S. Federal Law that restricts websites serving users under the age of 13 from the unauthorized gathering, use, or disclosure of a child's personal information.
- Personal Information Protection and Electronic Documents Act. A Canadian law designed to protect the privacy of online users in Canada, effectively designed to assure European Users that their rights would be upheld in Canada as well.
As websites are designed to attract users from around the globe, the bare minimum of once a year is a reasonable frame of reference. Still, website admins should look for internet lawyers to determine what laws might apply to their target audience.
- Introduction of New Products and Services. As previously mentioned, new products or services may impact the data collected from users and force companies to modify their policies.
- Corporate Change. Modifying the business environment or entering different industries could result in the need to update policies.
- Modification in Data Processing. The enhanced use of personal data and changes in how data is stored may impact a website’s policies.
- Abide With Privacy Laws: Giving users an update notification is not only excellent business practice is required by various privacy laws.
- Satisfy User Concerns: With the growing number of websites and apps, user concerns about the security of their data are becoming increasingly more of a concern. Disclosing to users any changes will result in less backlash if those changes lead to future disruption in the business.