While most of you won’t have to do anything about the internet’s latest hoo-ha, this is a good time to talk about your website’s privacy policy.
How much of a privacy policy does your website need? It used to be sufficient for a small website to declare: “We don’t collect, save or share your personal data with anyone!” or “We respect your privacy and protect your data with our secure site.”
If your site is very small and your audience smaller, you can still get away with it.
Site Tracking is data collection
There is nothing inherently evil with tracking what a visitor does on your site and how they interact with your content. It’s not much different than a clerk in the grocery store asking if you’ve found everything you need.
Collecting data can tell you what pages are viewed in what order, who views what pages and how long they take viewing it.
You’ll need to collect data if you have ads on your page, your advertisers need to know how their investment is paying off.
Most websites use Google Analytics to track traffic. Their terms of service specifically require a privacy policy.
“You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. This can be done by displaying a prominent link to the site “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time). You will use commercially reasonable efforts to ensure that a Visitor is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the Visitor’s device where such activity occurs in connection with the Service and where providing such information and obtaining such consent is required by law.”
What needs to go into your privacy policy?
The more you collect, the more you need to disclose.
- What you collect
- From whom
- Do you use cookies to collect data
- How long you keep the data
- What you do with the data
- Who you share it with.
- How often you will update the policy
Creating your policy
Looking at existing website policies is one way to develop your Privacy Policy – as long as those sites are policies were well drafted.
If your site is complicated, particularly user intensive, or focused on an international audience you may want to contact a lawyer who specializes in the subject.
There are also online generators with varying costs. Digital.com recently reviewed the top 12 Privacy Policy Generators. One probably meets your needs. https://digital.com/blog/best-privacy-policy-generators/
Publishing and updating your Privacy Policy
If the privacy policy is a simple sentence, post it on the bottom of your page near your copyright information. If it’s more, create a page and link from the bottom navigation.
Keep it up to date and don’t forget that it’s on the site. Make sure it’s crawlable (don’t block from robots). Make sure you’ve linked prominently if on a page that is overtly collecting data like your store or any forms.
Include the link on your newsletter near your unsubscribe / disclosure statements.
If you make it clear that any data collected is used to make your customer’s experience better you will be just fine. Your customers will appreciate the notice.
~JoMarie
