Three Reasons Why Your Website Privacy Policy May Need Revamping
When launching a website, most small businesses treat their privacy policies as an afterthought. However, a privacy policy that meets any of the descriptions below may need revamping, or else your business could be vulnerable to regulatory fines or in some cases even litigation.
1. Your Privacy Policy Is Incomplete, Inaccurate, and Unclear
The purpose of a privacy policy is to give notice about how a website, app or other online service uses, stores and shares users’ information. A privacy policy that does not identify precisely what type of information is collected, how that information is stored, protected, and disposed of, how users will be notified about updates or changes, or how to “opt-out” is incomplete. If the privacy policy does not clearly define terms such as “personally identifiable information,” then it may be inaccurate. Finally, excessive legalese or technical jargon may render a privacy policy unclear, so try to make it as clear and concise as possible.
2. Your Privacy Policy Is Hard to Find
If users can’t find your privacy policy, then its notice function will be thwarted. At a minimum, a direct link to the privacy policy should be conspicuous on your homepage. However, while the law in this area is unsettled, a recent case involving Barnes & Noble regarding website “terms of use” suggests that for maximum effectiveness, users should be required to affirmatively acknowledge (i.e., “click” their assent) your privacy policy prior to first use.
3. Your Privacy Policy Does Not Reflect the Laws That Apply to Your Website and Business
A dizzying array of state, federal, and possibly foreign regulations may apply to your website and thus dictate what your privacy policy needs to say. Some states and regulatory agencies, like California or the FTC (Federal Trade Commission), either require or suggest that websites have privacy policies. However, if your website caters to children 13 or younger, the Children’s Online Privacy Protection Act (COPPA) specifically requires your company to have a COPPA-compliant privacy policy. Thus, website operators need to be cognizant of the laws applicable to their particular industries or target audiences.