ARTICLE April 11, 2022

Why Your Company Website Needs A Privacy Policy

Most business owners aren’t attorneys, haven’t the foggiest idea of what privacy statutes exist, or have never adopted or even read their own privacy statement on their company website.
Feature Image
Business owner’s wear many hats. Some of them are familiar and comfortable, others not so much. Your website’s privacy policy, and what it should include, probably falls into the category of a hat that isn’t worn often, if at all.
Here are some important reasons why having a well-drafted privacy policy is a must for your company’s website.

The Issue of Data Privacy is Becoming More Important

More data privacy legislation is passed every single year. Even in the absence of legislation, website visitors are becoming increasingly aware of the impact their data has. People want to know what information a website collects, why the owner is collecting it, and what the collector plans to do with it. A data privacy policy can answer those questions.

Privacy Policies Can Build Trust with Your Website Visitors

When done properly a privacy policy conveys to your customers that you are a legitimate company, transparent, and that you make an effort to abide by customer-centric practices. Building trust with the public is key to making customers happy. It just takes one disgruntled customer to announce to the world on social media that your company can’t be trusted with private information.
Transparency helps build trust and respect and demonstrates that you strive for excellence and good practices.

Recent and Expanding Legislation Requires a Privacy Policy

The legal landscape around privacy is constantly evolving. In the U.S., the Federal Trade Commission enacts hefty fines to businesses for not displaying an active privacy policy or those that fail to comply with the stated privacy policy.
The European Union’s General Data Protection Regulation (GDPR) is one of the most recent privacy laws to take effect, and the CCPA took effect in 2020. In addition, a growing number of states are also passing legislation requiring websites to have provisions contained in your website’s privacy policy.

  1. Gramm-Leach-Bliley Act (GLBA)

The GLBA is geared towards financial institutions. It went into effect in 1999, and similar to the two acts above, this law requires financial institutions notify their websites’ users of what data is collected, how it is used, and how it is protected. The GLBA defines financial institutions as “companies that offer consumers financial products or services like loans, financial or investment advice, or insurance.”
The one big difference between the GLBA and the other legislation is that the GLBA requires financial companies to give visitors a way to opt out of sharing their data with nonaffiliated companies.
Failure to comply with the GLBA can result in fines of up to $100,000 for each violation, and even jail time for the person responsible for the violation.

  1. General Data Protection Regulation (GDPR)

If you’re doing business in the the European Union has an extremely detailed set of regulations regarding data privacy in the General Data Protection Regulation (GDPR). The GDPR sets forth many requirements for websites that obtain information from their users (which most sites do through tools such as Google Analytics, cookies, web beacons, etc.).
The GDPR is one of the most well-known data privacy laws, partially because it is so new, and partially because of how big the changes are as a result of it. The GDPR went into effect in 2018. If your company collects data from European Union citizens (whether as a data controller or a data processor), there’s a chance you must comply with the GDPR, even if your company isn’t located in the EU.
This data protection law covers a number of data protection and privacy practices, and like the others on this list, it requires a data privacy policy that explains the following:
  • What types of data you collect
  • What you do with that data
  • How long your data will be stored for
  • How customers can get in touch with your company
If your company is found to be in breach of the GDPR, it could be fined up to €20 million or up to 4% of the annual revenue.

  1. California Consumer Privacy Act (CCPA)

California has specific privacy policy requirements that should be included in your privacy policy if your website has California residents visiting your site. The CCPA went into effect on January 1, 2020. This law affects companies that collect data on residents of California. California’s law covers a host of data privacy issues. Regarding data privacy policies, the CCPA requires that companies explain the following:
  • What data is being collected, and why
  • Whether that data is being sold or shared
  • Whether that data is being sold or shared
Failure to comply can result in fines of up to $7,500 per violation, regardless of whether the violation was intentional or not.
Website Polcy Statements Are Important Company Documents
Companies Should Adopt Carefully Drafted Policy Policies

External Tools Require Data Privacy Policies

Additionally, app stores like Google Play and Apple require app developers to have privacy policies linked to their apps before they are approved.
In addition to the various legal reasons to have a privacy policy, as a practical matter, you need one because Google requires it. For most, a website is an opportunity to interact with users that are looking for answers to specific searches or get traffic from online advertising. But no matter how high quality your content or how engaging your ads, Google won’t work with you if your site doesn’t have a privacy policy that meets their specifications.
  • Google Analytics. Google's terms of service state, “You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies.” Along with that, you also need to explicitly state that your website uses Google Analytics and how that data is used.
  • Facebook Lead Ads. Not all types of Facebook ads require a privacy policy. But if you use Facebook Lead Ads, which can collect more information than other Facebook ads, you’re required to put a link to your privacy policy.
  • Twitter Ads. If you use Twitter ads that “collect user volunteered data,” you must link to your privacy policy.
Other tools that collect data on your behalf also require privacy policies, and the list is ever explanding. For example, automatic marketing tools such as Salesforce and Keap, and mobile messaging apps used for marketing usually require a data privacy policy.

Conclusion

It’s best to review the terms of service of your data collection tools and make sure you’re including any necessary language about each tool in your privacy policy. If app users can't find your privacy policy for whatever reason, your app could be suspended or even worse, shut down. At the very least this means that you will lose revenue from being shut out from the online world.