Privacy Policy: Definition, What's Included

What Is a Privacy Policy?

A privacy policy is a legal statement explaining how a company collects, handles, processes, and respects its customers' personal data on a website or app. Most privacy policies use clear and explicit language to ensure that their customers or website visitors understand what personal data the company collects and how the company will use that information.

Privacy policies are necessary for any digital medium that collects user data, such as websites, e-commerce sites, blogs, web applications, mobile applications, and desktop applications.

You might also know privacy policies by other names, such as:

• Privacy statement.
• Privacy page.
• Privacy notice.
• Privacy information.

What Information Do You Collect?

The information your company collects through digital customer visits usually depends on the purpose of your website or app and your industry. Common examples of personal information collected digitally include:

• First name and last name.
• Mailing address.
• Billing address.
• Email address.
• Phone number.
• Age.
• Sex.
• Marital status.
• Race.
• Nationality.
• Religious beliefs.
• Credit card information.

Other information might relate specifically to customer actions within the site. For example, if your website allows users to share pictures, comment on posts, or like other user's information, you might collect all that data, as well.

The Necessity of a Privacy Policy

Privacy policies are not just a good way to build trust with and offer transparency to your customers — they're also legally necessary and required by most third-party applications.

Legal Obligations

Digital privacy laws and regulations exist all over the world, so if your website draws visitors from outside of your state or country, you need to abide by their local privacy laws in addition to your own. It's absolutely vital that you research the legal obligations relevant to your customer base to ensure you're abiding by the necessary laws.

There is no single federal privacy law in the U.S. Instead, individual states set digital privacy laws, and a few federal regulations create a patchwork of legal protections for consumers. If your customers come from all over the U.S., these federal regulations can help you structure your privacy policy:

• The Federal Trade Commission Act: Regulates commercial practices.
• Electronic Communications Privacy Act: Protects certain digital communications from unauthorized use.
• Computer Fraud and Abuse Act: Makes unauthorized computer and data access illegal.
• Children's Online Privacy and Protection Act: Requires parental consent before collecting information from children under the age of 13.
• Controlling the Assault of Non-Solicited Pornography and Marketing Act: Governs deception and disclosure through email marketing.
• Financial Services Modernization Act: Governs personal information use by financial institutions.
• Fair and Accurate Credit Transactions Act: Requires creditors and other financial institutions to maintain identity theft prevention programs.

Many states also have specific privacy laws. California's law, called the California Online Privacy Protection Act, is the most comprehensive and strict nationwide, so most companies use it for guidance when structuring their privacy policies.

If you have customers or website visitors from all over the world, you should refer to international privacy laws to ensure you're meeting all the necessary legal requirements.

Third-Party Obligations

Many third-party services require privacy policies. For example, if your blog hosts ads from Google Ads, you must abide by Google's privacy policy and post the language of its policy on your website. This is true of most major third-party services, like Amazon, Facebook, and Apple.

Building Trust

Providing a straightforward privacy policy also helps to build trust with your customers. They'll see that you respect their data and personal information and will appreciate your willingness to abide by regulations and your transparency in making it easy to see what data you collect and what you do with it.

Even if your website or app doesn't collect any personal information, you might consider posting a privacy policy anyway. Many customers expect to see a privacy policy when they visit a website or app, so the lack of one might be seen by some customers as a sign that you are trying to hide something. Instead, post a notice stating you don't collect any personal information.

What Does a Privacy Policy Include?

Privacy policies vary greatly depending on your business, your industry, and your customers' geographical location. Generally, your privacy policy should provide information regarding notice, choice, access, and security. Most privacy policies contain the following elements at a minimum:

• Customer data: List the types of information you collect and explain how it's collected.
• Usage: Explain how you use the information you collect.
• Storage and protection: Describe how you store and protect customer information to keep it safe from hackers.
• Company information: Provide contact information for the company should customers want further information regarding the privacy policy.
• Tracking: Explain how your company uses tools like cookies, log files, and other tracking tools.
• Opt out: Provide the option to opt out of data collection.

Depending on the specifics of your company, you might also consider including these elements in your privacy policy:

• Public data: Explain how you control and share any public data.
• Third-party access: Describe what access third-party services will have to your customers' data.
• Changing or removing: Explain how you go about modifying or deleting customer data.
• Transfers: Offer information on if, how, and when you'll share personal information with other businesses.
• Marketing: Give notice if you'll use the provided email address to send marketing information from your company.
• Changes: Provide any updates to the privacy policy.
• Questions: Offer frequently asked questions and answers regarding data collection and usage.

These elements generally abide by U.S. regulations. If you have customers in other parts of the world, such as the EU, make sure you assess privacy laws in the region when writing your privacy policy.

Image via Unsplash by benji3pr

How To Create a Privacy Policy

You have several options when creating your privacy policy. First, you can write your own by reviewing legislation, reading the policies of other companies in your industry, and creating your document. However, writing your own can be time-consuming, and if you don't have adequate information, you might accidentally miss a critical, legally necessary element of your policy.

The simplest and most effective way to create a privacy policy is to seek guidance from a contract lawyer. Online resources and templates may also be helpful, but a contract lawyer has the necessary skills and knowledge to help you structure an appropriate and comprehensive privacy policy that will meet the needs of your company and industry while satisfying legal and third-party services obligations.

How To Enforce Your Privacy Policy

You want to ensure that your customers know where to find your privacy policy and either agree to the terms or opt out if they want. The easiest way to do this is to create an immediate pop-up when your customer enters your website or before they submit personal data, like billing information for a purchase. Ask them to agree to the terms before proceeding.

Most companies provide a short snippet of their privacy policy with a link to the full text, which customers can also access on your website if they'd like to read the entire document.

An effective privacy policy is not just a great way to build customer trust. It's a legal necessity. If you're not sure how to get started, use the expertise of a contract attorney to help you create a customized privacy policy perfect for your business.