In honor of Data Privacy Day, held annually on January 28th, I am outlining 4 reasons you must have a privacy policy.  Operating a website, blog or app exposes you and your business to the laws of the ‘world wide’ web.
Whether clients are hiring me for business consulting or legal advice, one of the biggest mistakes I see time and time again is failing to include terms of use and a privacy policy on their homepage. The terms of use is your contract with your website users that governs everything from intellectual property (yours and potentially theirs) to dispute resolution and jurisdiction (where you can be sued). The privacy policy outlines what information you collect, how it is handled, stored, secured, as well as informing users how you will handle a data breach and the procedure for correcting their personal information and opting out.

While including terms of use is legally advisable, it is voluntary; a privacy policy is not. 4 Reasons you must have a privacy policy:

1. It’s the Law 

In the United States, there are various applicable state and federal privacy laws that your website must comply with, even if you just have a contact form where users enter their name, phone number, or email address to contact you for a quote or to make an inquiry.

California, which leads the U.S. in privacy law, requires you to “conspicuously post your privacy policy” if you collect such information through the California Online Privacy Protection Act (CalOPPA). CalOPPA is set out in the California Business and Professions Code, under chapter 22, sections 22575-22579. Unless you can ensure your website, blog or app does not advertise or sell to California and jurisdictions with similar laws it’s best to cover your bases by complying with the most stringent privacy laws.

2. Save Money

 

“An ounce of prevention is worth a pound of cure.” – Benjamin Franklin.

 

Presumably, you went into business because you want to make money so don’t squander it by getting hit with hefty fines for failing to comply with state and federal laws. The Consumer Federation of California reports, “In 2012, the California Attorney General’s Office specifically applied CalOPPA to mobile applications for smartphones and tablets that collect personally identifiable information. Hundreds of apps providers were notified that they were in violation of CalOPPA, and they were given 30 days to submit compliance plans or face fines of up to $2,500 for each time their app was downloaded.”
Also, a privacy policy notifies users that your business is aware of, and complies with, the law which may save you money by deterring a lawsuit and limiting the grounds upon which suit may be brought.

 

 3. Establish Trust and Credibility

 

With the rise in identity theft and corporate data breaches, at a government and corporate level, consumers are extremely interested in protecting their personal information. Savvy customers want to know that you are safeguarding their information and how you will be using it. For example:

 

  • Will you resell?
  • If there is a breach will they be notified?
  • How do they opt out of mailings?
Having a privacy policy increases your professional credibility by evidencing your commitment to responsible information gathering and security measures, inspiring user trust.

 

 4. Third Parties (like Google® and Amazon®) Require It

 

Large companies seeking to reduce their own legal liability, and perhaps comply with international privacy law, will require you to have a privacy policy in order for you to use, advertise, distribute, etc. through their site.
There are many international laws, treaties, and pacts which govern data transfers and privacy policies between countries. Some provisions are voluntary while others are mandatory. For example, the EU-U.S. and Swiss-U.S. Privacy Shield Framework is a way for U.S. Companies voluntarily comply with E.U. and Swiss Law; there may be pros and cons for your company to do so.

 

For more information on which international privacy laws apply to your particular product or service, you should consult an attorney.