Draft Privacy Policy in Washington for E-Learning Business

There are myriad laws that govern privacy. In the U.S. there are the U.S. Privacy Act, HIPPA for health info, GLBA for financial, COPPA protecting children, and now more States are adding privacy laws. In 2023 alone, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, and Virginia. Doing business internationally? The GDPR in the EU is recognized as something of a gold standard for individual privacy. The GDPR created ongoing obligations for maintains and updating privacy implementation. Companies located anywhere, not just the EU, must appoint a Data Protection Officer (“DPO”) if they have to carry out large scale, regular and systematic monitoring of people, for example online behavior tracking or large scale processing of sensitive (special category) data or data relating to crimes and criminal convictions.

There are three main parts of a privacy policy. One, you should be disclosing the kinds of information you collect from website visitors. For example: name, address, phone, email, credit card number, drivers license number, etc. Two, you should be disclosing how you use that information inside your organization. For example, for fulfilling purchases, providing customer service, processing payments, product improvement, marketing analytics, etc. Third, you should be disclosing how you share information with parties outside your organization. For example, you might use contractors and vendors to process payments, analyze website traffic, provide marketing analytics, etc. Another useful topic is how you protect information. You don't want to get so detailed that you give hackers a road map, but you can make general statements about using encryption, etc. And depending on the nature of your website and business, you may need to address GDPR or collecting information from children.