In our last blog about privacy policy creation we mentioned that in some cases a privacy policy is a legal requirement for a website. The following list mentions some of the cases where a privacy policy is required by law. This list is not comprehensive. If you have any questions about your own privacy policy requirements you should consult with a lawyer.

  • If you are collecting personal information from any California residents, California state law requires you to post a privacy policy.
  • If you process credit card transactions online, your credit card processor may require you to post a privacy policy as a part of your merchant agreement.
  • If you display Google AdSense advertising on your website, Google requires you to “post and abide by a transparent privacy policy that users see” as a part of your publishers agreement.
  • If your website is directed towards children or collects personal data from children under the age of 13, federal law requires a privacy policy that follows strict guidelines.
  • If your website is a financial institution (and this includes retail stores that extend credit to their customers), federal law requires you to post a privacy policy.
  • If you are a health care or plan provider, such as a doctor or pharmacy, federal law requires you to post a privacy policy.

Gwinnett Business Journal – “Policing Your Privacy Policy”
Google AdSense privacy policy requirements
Children’s Online Privacy Protection Act of 1998
Gramm-Leach-Bliley Financial Modernization Act of 1999
Health Insurance Portability and Accountability Act of 1996 (HIPAA)


  1. I found your blog on Google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.

  2. And if you are providing a portal to collect that information / directing the user to a site that will retain the information you submit (as when you place a search in a search box, including the search tool on our websites)
    I am not out to advertise on your pages, but I felt that it should be added that any site or a portal to where input information is retained should have a privacy policy and terms of use: the user must be given the opportunity to be aware that their information is NOT staying in that one place or that it will be retained, accessibly retained, on a server someplace.

  3. I’m finding it more difficult to trust these social networking sites given their lack of privacy concerns. The Facebook CEO also seems to have done some shady things in the early days of FB and has shown complete apathy towards the privacy concerns of the users. The lack of privacy is reaching absurd levels in social networking with other sites like Blippy appearing on the scene. Hopefully, Facebook makes some changes soon.

  4. Thank you for posting this. Much more useful than many of the other articles I found on this topic.
