Blogs
5 critical provisions in your privacy policy
If you're launching a website, one of the first things you need to post is a privacy policy. A good privacy policy gives your users some basic information about the data you're collecting and how you plan to use it. A privacy policy is critical to informed user engagement, and thinking through privacy concerns allows you to give users a better experience and mitigate legal risk.
'
WHY DO YOU NEED A PRIVACY POLICY?
Privacy law is not based on one single legal authority. Rather, there is a complex, overlapping body of United States federal and state statutory authority, alongside competing international legislation.
Often, cases involving privacy issues are brought under Section 5 of the Federal Trade Commission (FTC) Act, dealing with unfair and deceptive acts and practices affecting commerce, but not always.
A good privacy policy can help you avoid basic pitfalls under any of these systems. This article will examine a few key provisions that your privacy policy should include.
TYPE OF INFORMATION COLLECTED'
Your privacy policy should explain to users what types of information you are collecting. Are you using cookies to track purchases made after visiting the website? Are you storing passwords or sensitive personal information that requires additional privacy protections? These are the types of questions that your privacy policy should answer.
HOW INFORMATION IS USED
Next, you should inform users of how your website will be using their information. Are you collecting user information to make the content on your website better? Are you selling user information to third parties? Are you sending emails or retargeting users after they visit your site? All of these should be explained in detail in your privacy policy.
THIRD PARTY ACCESS TO INFORMATION
If you are transmitting or selling any user information to third parties, users should be made aware in your privacy policy. Additionally, it is a good practice to include an additional opt-in on submission of the information to your site.
HOW CHANGES'ARE COMMUNICATED
You should also include a provision explaining to users how to access any updates to your privacy policy that come at a later date. Often, this is done though posting a new version of your privacy policy to your site, but there are circumstances where you may want to make this more visible to users.
CONTACT INFO
Finally, you should include current, working contact information in case users have questions about your policy. Prompt, courteous responses to user inquiries are always better than responding to complaints from regulators, so contact information is a must.
These provisions contain the foundations of a good privacy policy. Remember that some states and countries have additional requirements that you should also include. This article is meant to be helpful and informative, but is not a substitute for reviewing regulatory guidance yourself or with counsel. [FF]
'