Does Your Website Need a Privacy Policy?

Posted by Donata Kalnenaite

Are you struggling to understand the new data regulations, or do your eyes cloud over when you hear about data privacy?

You may have heard of GDPR, CCPA, the Nevada privacy law, and cookie notifications. It’s easy to get lost and confused with all of these rules and regulations.

If you are not sure if your website needs a Privacy Policy, or even what one is, this blog post is for you.

We will help clear up what a Privacy Policy is, whether your website needs one, and why. In truth, there are simple answers to these questions that don’t need a thirty-hour study session to understand.

What is a Privacy Policy?

First, a Privacy Policy is a document that explains how you handle the personal information that you collect on your website.

At its most basic level, a Privacy Policy discloses:

  • What information you collect
  • What you do with that information
  • Who you share it with

If you already have a Privacy Policy, don’t wipe your brow in relief just yet. While the three items above are the main points of a Privacy Policy, you need to make other disclosures as well.

As you can see, a website privacy policy provides important information to people who visit your website. After all, with data breaches, security leaks, and other malicious activity seemingly happening every other day, consumers want to know what is happening with their information.

Did you also know that you may be required to have a Privacy Policy by law?

Which Websites Need a Privacy Policy?

Websites that collect Personal Information need to have a Privacy Policy. Personal Information is any information about an identifiable person.

Some examples of this type of information can include: name, email, phone number, or address. You may be collecting this type of information on your contact form or email newsletter sign-up form.

This means that you are collecting Personal Information, and thus need to have a Privacy Policy.

Common Misconceptions

Let’s talk about some common misconceptions regarding this topic.

Some people believe that you only need a Privacy Policy if you are collecting financial information. While financial information is considered Personal Information, you need a Privacy Policy if you collect any type of Personal Information, not just financial information.

Furthermore, others believe that they do not need a Privacy Policy if they do not share the Personal Information with third parties. While sharing data is a disclosure that is made in the Privacy Policy, it is not the only disclosure in a Privacy Policy. Therefore, you would still need a Privacy Policy even if you do not share the data you collect.

Why Does Your Website Need a Privacy Policy?

Now that you know what a Privacy Policy is and that your website most likely needs one, you may be asking yourself why it is required. The truth is that there are currently four laws in place that require most websites that collect Personal Information to have a Privacy Policy.

The Four Laws Currently Affecting Privacy Policies

The first of these laws is the European Union’s General Data Protection Regulation (GDPR), which protects the privacy of EU residents. GDPR requires websites to obtain informed consent before they collect Personal Information. Informed consent means providing certain disclosures, which are made in a Privacy Policy.

The second law is the California Online Privacy Protection Act (CalOPPA). This law requires any website that collects the Personal Information of California residents to have a Privacy Policy.

The third law is the California Consumer Privacy Act (CCPA). This is a new law that will go into effect on January 1st, 2020 and requires websites to make specific disclosures in a Privacy Policy.

Lastly, we have the Nevada privacy law and its recent amendment, which went into effect on October 1st, 2019. This law requires websites to have a Privacy Policy and to disclose whether you sell the Personal Information that you collect and how consumers can opt out of such sales.

A common misconception is that if your business is not located in a country or state mentioned above, then you are in the clear. Unfortunately, that is just not the case.

These laws were written to protect the people of that country or state. Since consumers do not always search online by location of the business and the Internet has no physical boundaries, it is very likely that some or even all of these laws may apply to you, regardless of your physical location.

Thus, it is smart to have a compliant Privacy Policy.

Regulations are Constantly Changing

Lastly, the world of privacy regulations is constantly changing. Currently, about ten states have proposed their own privacy bills. If passed, these bills would affect websites all over the United States and how their Privacy Policies are written, and may even enable consumers to sue businesses directly for not having a Privacy Policy.

Unfortunately for businesses, fines for non-compliance can also be steep, with some fines costing $2,500 or more per website visitor.

It is clear that websites that collect Personal Information need to have a Privacy Policy that complies with existing privacy laws. Not having one can lead to lawsuits and heavy fines. Businesses should also have a strategy for keeping up to date with changing and new privacy laws and for updating Privacy Policies in such cases.

Liquid Web Can Help With Compliant Web Hosting

Learn more about how Liquid Web cares about your data privacy.
About the Author

Donata Kalnenaite

Donata Kalnenaite is a privacy, technology, and contracts attorney. She is also a Certified Information Privacy Professional and the President of Termageddon, a software company that generates Privacy Policies. Donata's work has been featured by the International Association of Privacy Professionals and she has taught GDPR to other attorneys at the Illinois State Bar Association. In her free time, Donata enjoys beekeeping, walking her dogs and reading books about submarines.