When building a website, privacy policy creation seems to intimidate website owners more than any other step of the process. The bad news is that it is necessary. The good news is that it’s pretty easy once you understand what it needs to say.
What is a privacy policy?
A privacy policy is a disclaimer placed on your website to tell your website users how you are going to handle their personal information. There are some circumstances where you are required by law to provide a privacy policy, but in general it is just a good business practice that fosters trust and encourages your website visitors to do business with you.
Where do I get one?
Once business owners decide that they need a privacy policy, many assume that they can copy and paste one from another website, use a standard template, or make their web developer write it. This is not a good idea! A privacy policy is a promise that you are making to your customers and you are ultimately responsible for keeping that promise. You are going to have to write it, although there are a lot of resources available to help you.
How do I get started?
As mentioned in the updated introduction to this post, the first step is to make sure you know what data is being collected about your website users and who is collecting it. Start with the most obvious data collection points – how do website visitors contact you? Do you have a form they can fill out with their contact info? Who has access to that data and how is it used and shared?
With the obvious data accounted for, think about any tracking codes you may have on your website. Do you have any type of website analytics tracking or CRM tracking? For information about what data these companies collect and who it is shared with, go to their websites and look up their privacy information (for example you can view information about Google Analytics data collection here).
Do you have any type of advertising on your website or social widgets? Do some research on any third party service or tool that is on your website and find out what data, if any, they collect and how they share it (for example, if you have Google ads placed on your site they have posted information about how they collect data as well as a guide of information to include in your privacy policy).
What do I put in the privacy policy?
Be concise and make it very easy to understand. You need to include the type of information you may collect from them while they are using your website, who you share that information with, and how they can contact you to access or change the information. Before you draft your privacy policy, we would recommend visiting the Better Business Bureau to view their privacy policy guidelines and samples:
• Privacy Policy – A Best Business Practice
• Tips on Establishing a Privacy Policy
• BBB Sample Privacy Policy
That wasn’t so bad. Now what?
When your privacy policy is written, it would be wise to have it reviewed by a lawyer. This is especially important if you are collecting sensitive information through your website, such as credit card numbers. Once you are ready to publish your privacy policy, it should be placed on your website and accessible from every page of the website.
