How to Create a Website Privacy Policy in 4 Steps

Having a website Privacy Policy is not only required in most cases but also very beneficial. It helps you comply with privacy laws, which in turn helps you avoid privacy-related fines and lawsuits. It also extends goodwill and makes you appear professional to your customers because it shows you care about their privacy.

There are 5 steps to creating and implementing a website privacy policy. Notice the title says you can do this in 4 steps but it did not say it would be easy.

Privacy Policy Step 1 - Review Your Website

If your website collects Personally Identifiable Information (PII) then it most likely requires a privacy policy, whether you share that info or not. PII is most clearly defined as any data that could identify someone. Examples of PII that are commonly collected by websites include names, email addresses, phone numbers, etc.

That’s why step one is to review your website to see what PII you are collecting and from where. The most common places where PII is collected include: 

  • Subscription signup forms
  • Account creation forms
  • Contact us forms
  • Purchases
  • Some analytics programs such as Google Analytics.

Once you’ve determined where PII is being collected, part B of this step is to determine how you are using (or not using) the PII you collect.

Once you’ve completed the review of your site and identified how you’re using PII, you’ll need to determine which laws apply to you.

Privacy Policy Step 2 - Determine Which Laws Apply to Your Site

Privacy laws are what determine the disclosures your website Privacy Policy needs to have in it. While this task may seem daunting, skipping this step can leave you vulnerable to hefty fines and even lawsuits.

The sad truth is, the list of US states and other countries enacting privacy laws is changing so rapidly that whatever list I include here will soon be out of date. However, as of this writing, the following states have privacy laws with which you may need to comply:

  • California (2 laws)
  • Nevada
  • Delaware
  • Virginia
  • Colorado
  • Utah
  • Connecticut

Countries that have national laws regarding privacy are:

  • Canada
  • European Union
  • Australia

Our affordable Website Policy Management Service helps you determine which policies you need and keeps them updated as the laws change. $150 Setup + $100 per year.

Privacy Policy Step 3 - Include All Required Disclosures

Your Privacy Policy must contain all of the disclosures required by the applicable privacy laws. Each set of laws has different requirements. Here are some of the more common types of information you may need to include:

  • Privacy Policy effective date
  • Primary contact’s name and contact information
  • The specific type of PII you collect
  • From where you collect the PII
  • How you will use the PII

In reality, this list is a lot longer. And while you may not need all the disclosures that the “other guy” needs, it is still very important that you ensure that yours includes all the disclosures that apply to YOUR website. Missing even a single disclosure can mean that your Privacy Policy is not compliant, leaving your business at risk.

Our Website Policy Management Service includes all the disclosures for the laws that apply to you. $150 Setup + $100 per year.

Privacy Policy Step 4 - Follow Your Own Privacy Policies

Now that your Privacy Policy has been created with all of the proper disclosures, you should review it so you can be sure you adhere to the promises that it includes.

You should also ensure that it states where individuals can send privacy rights requests and how soon you will respond to those. Reviewing your policy helps you develop a response strategy for consumer privacy rights requests.

Privacy Policy Step 5 - Keep the Privacy Policy Up to Date

Sadly, the days of having a Privacy Policy created, placing it on your website, and forgetting about it are over. With all the proposed state privacy bills in the US, as well as other countries’ continuously updating laws, it is more important than ever to have a strategy for keeping your Privacy Policy up to date with any new laws.

Should You Really DIY Your Privacy Policy?

While creating your own Privacy Policy can be distilled into the 5 steps in this article, the time it takes to carry them out is astronomical. And, if you’re not a privacy attorney, you will likely miss something required.

If you do not have the time to spend hours researching privacy bills across the world (who does?) and updating your Privacy Policy whenever those laws change, we invite you to take advantage of our Website Policy Management Service. We will follow changes in privacy bills and laws for you and make updates whenever a new privacy law is passed or changes. We can save you tons of time and headache.

Our Website Policy Management Service is super-affordable. $150 Setup + $100 per year.
