Why Your Website Should Have a Privacy Policy and What It Should Say

The California Online Privacy Protection Act requires a website or online service (including mobile apps for smartphones and tablets) to “conspicuously post” a privacy policy if it “collects and maintains personally identifiable information from a consumer residing in California.”

“Personally identifiable information” (PII) is very broadly defined to include an individual’s first and last name, physical address, e-mail address, telephone number, or any other information that permits the contact of an individual.  So, even if you are not selling a product or service, your website needs a privacy policy if visitors can submit their e-mail addresses to receive news and updates from you.

What Does the Policy Need to Include?

If a privacy policy is required, it must contain seven items:

  1. Information Collected: The categories of personal information the website collects.
  2. Categories: The categories of third parties with whom the company shares the information.
  3. Review & Request: How the consumer can review and request changes to their personal information collected by the company.
  4. Tracking: How your site responds to “do not track” indicators from web browsers.
  5. Cookies: Whether there are third-party tracking cookies (or other tracking mechanisms), such as advertising cookies.
  6. Notifications: How the company notifies consumers of material changes to its privacy policy.
  7. Date: The effective date of the privacy policy.

Where Should It Be Posted?

If you are required to have a privacy policy, it must be “conspicuously posted.”  Some options for conspicuously posting:

  1. Least Popular: The policy itself appears on the homepage of your website – usually not an aesthetically pleasing option.
  2. More Popular: An icon on the homepage that contains the word “privacy” – not a bad option.
  3. Most Popular: A link at the bottom of the homepage that contains the words “Privacy Policy.”

What Can Happen If You Don’t Have A Privacy Policy?

Under the California Unfair Competition Law, website operators who do not comply with the California Online Privacy Protection Act could be sued by the California Attorney General, District Attorneys, County Counsel, or City Attorneys for “unfair competition.”

There Is No One-Size-Fits-All!

Privacy policies vary depending on how the website collects and uses consumer information.  The key is not only to make sure the privacy policy complies with the law, but also to make it easy to understand, so visitors do not get frustrated with legalese when trying to determine how their personal information is being collected and used by your website.

If you have any questions regarding privacy policies or any other business legal issue, please contact us at (415) 633-6841 or info@bendlawoffice.com.

Disclaimer: This article discusses general legal issues and developments. Such materials are for informational purposes only and may not reflect the most current law in your jurisdiction. These informational materials are not intended, and should not be taken, as legal advice on any particular set of facts or circumstances. No reader should act or refrain from acting on the basis of any information presented herein without seeking the advice of counsel in the relevant jurisdiction.  Bend Law Group, PC expressly disclaims all liability in respect of any actions taken or not taken based on any contents of this article.