In a recent study by the Pew Research Center, 79% of consumer respondents said they were concerned about data privacy and about how companies use the data they collect about them.
But how do you avoid risking your site’s reputation, or being involved in a security breach? What are the essential things you need in place to ensure that you and your customers are protected?
Yes, it does. Because your site will be publicly accessible, you need to make sure you’re legally protected. Rules on privacy policies differ from country to country and even between regions.
It’s also worth being aware of individual state laws. In California, there is a state law called CalOPPA (The California Online Privacy Protection Act). This state law enforces strict rules on privacy and data collection.
Although this legal requirement was drawn up and passed in the European Union (EU), GDPR imposes obligations on any business or organization, anywhere in the world, that collects data from anyone in the EU.
Data That Is Recognised as Personal Information
If you’re collecting information that could be used to identify a person, it is classified as personally identifiable information. If your site collects any of the information in this checklist, then to make sure you’re legally protected you will need a privacy statement somewhere on your site, as well as a procedure in place for securing that data.
- Name and surname
- Date and place of birth
- Address both past and present
- Contact information (telephone number, email, social media handles)
- Marital status as well as names and information of spouse or children
- Job role and place of work
- Any ID information including driving license and citizen cards
- IP addresses used by your computer or laptop
- Medical history
- Banking information including credit card and loan issuers
- Details of your car, including service, taxes, and insurance
- Any travel details that could disclose your whereabouts
- What type of information you will be collecting
- The reason for collecting this data
- How you will be storing the data and what security measures are in place
- Whether you are passing data on to a third party
- Details of any websites and organizations you’re affiliated with
- If you are using cookies to gather information
A cookie is a small block of data that a web server creates and stores on your device while you browse the internet; because it is tied to that device, it can act as a tracker.
Have you ever noticed that after you search for a particular item, adverts for similar items pop up elsewhere while you’re browsing the web? This is, in part, due to cookies, which track what you are doing online.
Cookie Consent Form
These are often pop-up banners and notifications that appear when you first visit a site. They explicitly ask for the visitor’s consent to being tracked via an opt-in form: the user has to agree before your site sets cookies on their device.
Items to include here are any guidelines for using your site, information on how a customer can terminate their account, how the business can close an account if the user is deemed abusive, and details on how to opt out of services.
Return and Refund Policy
If your site is selling a product (physical or digital) or service, then you’ll need to have a clear return and refund policy.
This should include details on who to contact if there is a problem, how many days you have to return a product, how a refund is given, and any items that aren’t covered by a returns policy.
Your site’s disclaimer is a notice that limits the liabilities your site may have, for example for damages or for the accuracy of the information you publish. It is essential if you’re selling products and services, as it protects you (the company) from claims for damages.
Affiliate Notice or Affiliate Disclosure
If your site is selling products from a third party, for example, Amazon, then you have to clearly state this on your site. This can be a short sentence explaining that some links on your site are affiliate links and that you earn a commission from any sales.
This affiliate notice needs to be at the top of your page or before your first affiliate link.
SSL and Data Security
Your site will need an SSL (Secure Sockets Layer) certificate; in practice this means a TLS certificate that lets your site serve pages over HTTPS. This enhances your website’s security. It is especially important if data is being transferred, as it ensures that sensitive data, like personal information, cannot be read, modified, or misused by criminals while it is in transit.
The certificate creates an encrypted link between the web server and the web browser, and sites without one are flagged by Google as high-risk. If your internet security is not up to scratch, you run the risk of breaching customer confidentiality.
We’ve covered a whole list of things in this article to help ensure your business is legally protected. It can feel overwhelming to keep your site on the right side of the law.
It can also be a challenge when laws around the world change. What if you’re suddenly no longer protected?
At Cosmik Carrot, we take away the stress of not knowing. Our experienced and knowledgeable team understands how important data privacy is for protecting you and your customers. Speak to one of our team today to find out how to automate the legal process of keeping your privacy policies up to date, the simple way.