3 Reasons Your Website Needs a Privacy Policy (Important!)

Modern day technology allows consumers to access billions of websites at their fingertips in an instant.

While globalization has brought worldwide service providers and consumers closer than ever before, service providers need to protect personal information collected from users as well as reduce liability issues for their company by providing a privacy policy.

A privacy policy establishes a legally binding and mutually beneficial relationship between service providers and their consumers. Although providing a privacy policy is to fulfill a legal obligation on the part of the service provider, it is also a measure of good faith.

What is a Privacy Policy?

A privacy policy is a statement that specifies what the service provider will and will not do with the personal information that it has collected from users. It specifies the intent of the data collection and allows users to make a decision to participate in the company’s operations at their own free will.

While privacy policies, vary from country to country, it should disclose the purpose of the website, what type of information will be collected, how information is collected, how it is stored, and what the information will be used for. Personal information is any type of information that could be used to identify a person such as name, address, contact information, date of birth, etc.

During the process of drafting a privacy policy, service providers should not vaguely list the basic usage for the personal data collected, but they should include as much detail as possible, as well as including any type of usage or sharing that they foresee.

In this way, companies can avoid constant revisions. The policy does not necessarily need to use legal jargon but it is recommended to have an attorney review the policy to ensure that the it reflects the company’s purposes and intent.

Why All Websites Need a Privacy Policy

All websites need a privacy policy. Even if no data is being stored, just by being able to access an IP address is enough to consider as collecting personally identifiable data. Specifically for California, the California Online Privacy Protection Act of 2003 (Cal OPPA) requires online service providers that collect personal information from California residents to post a privacy policy listing the categories of personal data that is collected, the categories of third parties with whom the data may be shared with, the effective date of the policy and any revised versions.

In addition, the Cal OPPA has certain specifications on how conspicuously a privacy should be posted. The policy needs to be directly on the homepage or have a link or icon that says “PRIVACY” on the homepage. The link or icon needs to be displayed in a different font, font size, and color than surrounding text to ensure its visibility to users.

California also has a Shine the Light Law that requires service providers that share personal information with third parties to provide users with a list of the categories that are shared as well as allow users the option to remove themselves from information sharing if they choose to do so.

Any service provider not complying with their privacy policy will be in violation of the Federal Trade Commission Act. The Federal Trade Commission (FTC) actively investigates for any privacy policy violations and raises lawsuits against those companies.

A privacy policy is an agreement that establishes trust and respect between service providers and its users. It is recommended that service providers keep their privacy policies as updated as possible to ensure the accuracy of their information in addition to securing the personal data of their customers. 

Does your website need a Privacy Policy? Request one here. 

Sam Mollaei, Esq., business lawyer, from Mollaei Law can be reached @ (818) 925-0002 or by visiting MollaeiLaw.com

This post is written by Eren Ng, a political science student at UCLA who is an aspiring lawyer.