What is a privacy policy, and why does my website need one?
A privacy policy is a legal document, required by privacy laws, that communicates how an organization or website collects, uses, discloses, and manages the data shared by a client or user.
In the case of a website, this means any information that a user might be asked to provide for a Contact Form, Newsletter signup, or ECommerce purchase. Any information that can be linked to a user or their identity should be covered by your Privacy Policy. You should also have some form of policy language regarding any use of cookies or tracking, such as Google Analytics.
What does it protect me from?
In the online world, things are constantly changing, and digital privacy laws all over the world are no exception. If your business is located in the United States and receives visitors from other countries, you’re bound to adhere to the laws of those users' locations.
Currently, there are multiple privacy laws in the United States and across the world that require most websites that collect personal information to have a Privacy Policy:
- European Union’s General Data Protection Regulation (GDPR);
- United Kingdom’s Data Protection Act 2018 (UK DPA 2018);
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA);
- Australia Privacy Act of 1988;
- The California Online Privacy Protection Act (CalOPPA);
- The California Consumer Privacy Act (CCPA);
- Delaware Online Privacy Protection Act (DOPPA);
- Nevada’s Revised Statutes Chapter 603A;
- Colorado Privacy Act (goes into effect in 2023);
- and Virginia Consumer Data Protection Act (goes into effect in 2023).
These laws were created to protect the consumers of those states and countries, not the businesses. This means that these laws can apply to businesses outside of those states and countries and may apply to you if you do business there, collect the personal information of residents of those states or countries, or offer goods or services there.
Fines for violations of privacy laws start at $2,500 per violation (per website visitor).
How do you keep up with the changes?
If you have in-house counsel, you should have your privacy policies checked for accuracy every few months. Monitoring the laws and changes will help you keep up with what’s necessary.
Over a dozen states have proposed or are already implementing privacy laws to protect the Personally Identifiable Information (PII) of their citizens. Each of these laws has unique requirements as well as unique penalties for not complying. Some states are proposing that businesses be fined over $5,000 per infringement (per website visitor). Some states are proposing a private right of action (meaning citizens of that state can sue businesses anywhere in the US). Read our state privacy law tracker for more information.
Is there an easier way to keep my Privacy Policies accurate and protect my business?
Yes. Valet has partnered with Termageddon, a Privacy Policy generator that will update your website’s policies automatically whenever the laws change. There are more and more privacy law requirements and the resulting penalties for not complying will affect not only your website but your entire organization.
The International Association of Privacy Professionals (IAPP.org) has listed Termageddon as the longest-standing and trusted privacy technology vendor. Termageddon offers the following website policies for organizations formed in the US, Canada, UK, and Ireland:
- Privacy Policy;
- Terms of Service;
- Disclaimer;
- and End User License Agreement.
With Termageddon, even as laws change, you can have the peace of mind of knowing that your policies are changing with them. There are digital privacy laws that differ even from state to state, and country to country. Termageddon works with each and every change in those laws. As a website owner, there are so many things to do, and this is one less thing you’ll have to think about.
Websites are an essential asset for businesses and non-profits, and here at Valet, we care about your organization as a whole.
To get your own Termageddon account, you can contact us and have us manage the setup and implementation, or you can self-serve by clicking here.