The Importance of Data Privacy Policies on Your Website
A recent study by the Pew Research Center found that 79% of consumer respondents said they were concerned about data privacy and how companies are using the data they collect about them.
Data privacy policy implementation is critical to keep your site on the correct side of the law, but too few companies are doing this correctly.
But how do you avoid risking your site’s reputation, or being involved in a security breach? What are the essential things you need in place to ensure that you and your customers are protected?
You might even be wondering if your site needs a data privacy policy. This easy guide goes into the types of data protection policies your business website needs and the importance of the data policy page on your website.
What Is a Privacy Policy?
A privacy policy is a legal document on your site that needs to be accessible to anyone visiting. It discloses all the ways that your site gathers, uses, and manages customers’ or viewers’ data.
If a visitor to your site has to enter personal details, such as an email address, name, date of birth, or anything else that could be used to identify an individual, you are legally obligated to have a privacy policy in place.
Your privacy policy needs to declare how it collects the data and where it will be stored. It also needs to tell the customer or visitor if their personal information will be released and passed on to third parties.
A privacy policy could be in the form of a dedicated page on your site or a downloadable document. It should also be easy for a customer or client to find on your site. A common place is in the footer on the homepage.
Does My Site Need a Data Privacy Policy?
Yes, it does. Because your site will be in the public domain, you need to make sure you’re legally protected. Rules on privacy policies differ from country to country and even between regions.
For example, in the United States, there is no federal law that requires a business to have a privacy policy. However, there are federal laws in place that govern the use of privacy policies in certain specific circumstances.
The technicalities and phrasing of ‘specific circumstances’ can be confusing. Having a privacy policy in place is not only good practice; it will also cover you for all eventualities.
It’s also worth being aware of individual state laws. In California, there is a state law called CalOPPA (The California Online Privacy Protection Act). This state law enforces strict rules on privacy and data collection.
If you have customers viewing your site from Europe, then your site will need a privacy policy in place. This falls under the General Data Protection Regulation (GDPR). Europe has some of the toughest privacy and security laws in the world.
Although this legal requirement was set up and passed in the European Union (EU), GDPR imposes obligations on any business or organization, anywhere in the world, that collects data from anyone in the EU.
Canada, Australia, and the UK all have different variations of these laws. So to sum it up, if you have any type of online presence that can be accessed by anyone from anywhere in the world, then you will be required to have a privacy policy.
Data That Is Recognised as Personal Information
If you’re collecting information that could be used to identify a person, it is classified as personally identifiable information. If your site collects any of the information on this checklist, then to make sure you’re legally protected you will need a privacy statement somewhere on your site, as well as a procedure in place for data security.
- Name and surname
- Date and place of birth
- Addresses, both past and present
- Contact information (telephone number, email, social media handles)
- Marital status as well as names and information of spouse or children
- Job role and place of work
- Any ID information including driving license and citizen cards
- IP addresses used by your computer or laptop
- Medical history
- Banking information including credit card and loan issuers
- Details of your car, including service, taxes, and insurance
- Any travel details that could disclose your whereabouts
What Should a Privacy Policy Include?
To be transparent you need to state clearly what is happening to the information gathered. It’s best to enlist the help of a legal team to ensure that you have catered for every eventuality to protect you and your customers. As a minimum, your privacy policy should include the following things:
- What type of information you will be collecting
- The reason for collecting this data
- How you will be storing the data and what security measures are in place
- Whether you are passing data on to a third party
- Details of any websites and organizations you’re affiliated with
- If you are using cookies to gather information
Cookie Policy
A cookie is the name given to a type of tracker that links to a device. Cookies are blocks of data that a web server creates while you are browsing the internet.
Have you ever noticed that if you search for a particular item, you then see adverts for similar items pop up elsewhere while you’re browsing the web? This is, in part, due to cookies, as they track what you are doing online.
Your privacy policy needs to state what your site’s cookie policy is.
Cookie Consent Form
These are often pop-up banners and notifications that appear when you first visit a site. They explicitly ask for your consent to being tracked via an opt-in form. The user has to agree to your site deploying cookies on it.
Terms and Conditions or Terms of Use
These state the terms under which you (the business) and the viewer (the customer) use the site. Your terms of use need to be transparent and include user agreements.
Items to include here are any guidelines for using your site, information on how a customer can terminate their account, how the business can close an account if the user is deemed abusive, and details on how to opt out of services.
Return and Refund Policy
If your site is selling a product (physical or digital) or service, then you’ll need to have a clear return and refund policy.
This should include details on who to contact if there is a problem, how many days you have to return a product, how a refund is given, and any items that aren’t covered by a returns policy.
Site Disclaimer
Your site’s disclaimer is a notice that limits any liabilities your site may have. This could include damages and information. This is essential to include if you’re selling products and services as it protects you (the company) from damages.
Affiliate Notice or Affiliate Disclosure
If your site is selling products from a third party, for example, Amazon, then you have to clearly state this on your site. This can be a short sentence explaining that some links on your site are affiliate links and that you earn a commission from any sales.
This affiliate notice needs to be at the top of your page or before your first affiliate link.
SSL and Data Security
Your site will need an SSL (Secure Sockets Layer) certificate, which enhances your website security. This is especially important if you have data being transferred, as it ensures that sensitive data, like personal information, cannot be read, modified, or used illegitimately by criminals.
An SSL certificate creates an encrypted link between a web server and a web browser, and sites without one are flagged by Google as high-risk sites. If your internet security is not up to scratch, you run the risk of breaching customer confidentiality.
What’s the Easiest Way to Keep My Data Privacy Policy up to Date?
We’ve included a whole list of things in this article about ensuring your business is legally protected. It can feel overwhelming to keep your site on the right side of the law.
It can also be a challenge when global laws change. What if you’re suddenly not protected?
At Cosmik Carrot, we take away the stress of not knowing. Our experienced and knowledgeable team understands how important data privacy is to protect you and your customers. Speak to one of our team today to find out how to automate the legal process of keeping your privacy policies up to date, the simple way.