Internet
Privacy Policy
California
What should be included in a privacy policy?
As a business owner, I am in the process of creating a website that collects personal information from visitors. I want to ensure that my website is compliant with privacy laws and protects the privacy of my visitors. I am not sure what information should be included in a privacy policy and would like to seek guidance from a lawyer.
1 Attorney answer
Answer
Internet
California
Paul S.
ContractsCounsel verified
There are three main parts of a privacy policy. One, you should be disclosing the kinds of information you collect from website visitors. For example: name, address, phone, email, credit card number, drivers license number, etc. Two, you should be disclosing how you use that information inside your organization. For example, for fulfilling purchases, providing customer service, processing payments, product improvement, marketing analytics, etc. Third, you should be disclosing how you share information with parties outside your organization. For example, you might use contractors and vendors to process payments, analyze website traffic, provide marketing analytics, etc. Another useful topic is how you protect information. You don't want to get so detailed that you give hackers a road map, but you can make general statements about using encryption, etc. And depending on the nature of your website and business, you may need to address GDPR or collecting information from children.