Website Privacy Policies: Do You Need One?

website privacy policies
Does your website have a proper privacy policy?

The U.S. Constitution protects us from the evils of quartering Redcoats, but it doesn’t mention privacy. In fact, the United States is “light” on privacy laws. Free speech? Absolutely. Privacy? Meh, not so much. Which raises a question: Must websites have privacy policies?

Quick answer: Yes, you should have a privacy policy on your website. Why? Because in the age of plugins, a website privacy policy goes a long way in extraditing you from any slippery legal actions involving a third-party app.

Reasons You Need A Website Privacy Policy

Several FTC guideline requirements can be addressed in a website privacy policy. And having one may save you from an FTC investigation.

Besides, national borders are easily (and regularly) crossed online — passports not required. However, if people in the United Kingdom or Canada (or any other country) can interact or purchase products or services through your site, then your site must comply with the UK and Canadian (or whichever countries) online privacy laws.

And guess what? Online privacy laws are a lot stricter in other countries.

What Should A Website Privacy Policy Include (At A Minimum)?

At a minimum, your website privacy policy should address concerns with:

(1) Notice;
(2) Consent;
(3) Choice;
(4) Access to Data;
(5) Transfer of Data.

Bear in mind: these five points constitute a bare minimum and don’t fully guarantee that issues and problems won’t arise. Should problems arise, particularly in Arizona, and consumer data is breached, you could face severe consequences. To wit, Arizona’s Revised Statutes say (Ariz. Rev. Stat. § 44-7501):

Arizona requires a person that owns or licenses computerized data that includes personal information to conduct an investigation when it becomes aware of unauthorized access to unencrypted personal information to determine if there has been a breach. If the investigation determines a breach has occurred, a person must notify the individuals affected. The disclosure is to be made without unreasonable delay, subject to law enforcement needs and internal investigations to restore the data integrity. Arizona further requires that a person that maintains computerized data that includes personal information that it does not own or license disclose any security breach to the owner or licensor immediately following the discovery.

Notice can be given (A) in writing, (B) by email, (C) by telephone or (D), in certain circumstances, by substitute notice that includes email, posting on the person’s website and notification by statewide media. Notification is not required if, after reasonable investigation, the person or law enforcement agency determines that a breach has not occurred or is not likely to occur. Personal information means a person’s first name or first initial and last name in combination with one or more of the following that is not encrypted or redacted: (A) social security number, (B) driver’s license number or identification card number, and (C) account number, credit card number, or debit card number in combination with security code, access codes or password. A person who complies with federal notification requirements or security breach rules, and a person who maintains notification procedures as part of an information security.

Why You Shouldn’t Copy Another Website Privacy Policy

If your website is in need of a privacy policy, copying a privacy policy from another site doesn’t cut it, and, technically could be considered copyright infringement.

To ensure your website is in compliance with state and federal regulations, contact us today!

Contact An Internet Law Attorney »
Legal Disclaimer | Privacy Policy | Terms of Service
© 2017 Kelly Warner Law PLLC. All Rights Reserved.
800: 1-866-570-8585
Office: 480-588-0449