Why do you have a website for your business? Many businesses have chosen to make the investment into a website because it brings them leads or sales. To express their interest, prospective customers often submit their names, emails and phone numbers through contact forms or newsletter sign up forms. While many business owners do not realize this, collecting leads through your website may require you to comply with certain privacy laws, and these laws require websites to have a Privacy Policy. This article covers various privacy laws that apply to websites, their legal requirements and the consequences of not having a Privacy Policy. That way, you’ll be able to make an educated decision on how to protect your business (and yourself!).
First, you only need to worry about Privacy Policies if your website collects Personally Identifiable Information (PII). PII is any data that could identify someone. Examples of PII include names, emails, phone numbers, and IP addresses. Websites commonly collect PII through contact forms, newsletter sign up forms, and analytics services such as Google Analytics. Below is an example of a contact form that collects PII – name and phone number.
The collection of PII by websites is governed by certain privacy laws. These laws can start applying as soon as you collect PII. That means that you don’t need to use, sell or share PII to be subject to their requirements. It is important to note that these laws protect consumers, and not businesses. This means that you could be subject to the laws even if you are not physically located in the states or countries in which the laws were passed. Thus, the following factors are the most important when determining what privacy laws apply to you:
As you can see, privacy laws have a very broad reach and can apply to you even if you have never physically set foot in the regulating state or country. If any of the above privacy laws apply to you, then you are required to have a Privacy Policy.
A Privacy Policy is a document that explains your privacy practices to visitors of your website. A Privacy Policy will generally state what PII you collect, what you do with it, and who you share the PII with. While these disclosures are the “meat and potatoes” of a Privacy Policy, privacy laws can require a lot of different and relatively obscure disclosures. For example, CalOPPA requires Privacy Policies to disclose how a website responds to Do Not Track signals, while the CCPA requires some Privacy Policies to disclose a toll free phone number where consumers can exercise their privacy rights.
Because a Privacy Policy is based on legal requirements, drafting every policy must start with determining which laws apply to you. Then, the disclosure requirements of each law are used to draft your Privacy Policy. Thus, it is best not to copy and paste generic templates or use someone else’s Privacy Policy, as doing so could leave you out of compliance.
Now that you are aware of the various privacy laws and the requirement of having a Privacy Policy, you may be wondering about the consequences of not having one on your website. Privacy laws impose heavy penalties for failure to comply, ranging from $2,500 per violation to €20,000,000 or more in total. In this case, “per violation” does not mean per website or per policy; it means per website visitor whose privacy rights you infringed upon. Even with just a few visitors to your website, this could still add up to a large fine.
PII is extremely valuable and, as such, its collection is becoming more highly regulated every day. There are currently more than a dozen proposed privacy bills in the United States. While all of these bills are different, below are some notable common features:
As new bills are passed, you’ll need to update your policy. Therefore, you need a Privacy Policy that complies with the laws of today and a strategy for keeping that policy up to date. To avoid fines, contact us and we will get you set up with a customized Privacy Policy for your website.