Website Privacy Policies: Do You Need One?

website privacy policies
Does your website have a proper privacy policy?

The United States Constitution protects us from the evils of quartering red coats, but it actually never mentions privacy. In fact, the United States could be accused of being “light” on privacy laws. Free speech? Absolutely. Privacy? Meh, not so much. So, does that mean that you don’t need a website privacy policy? Nope. You need one.

But if you have a website, you should definitely have a privacy policy on it. Why? Because in the age of plugins, a website privacy policy goes a long way in extraditing you from any slippery legal actions involving a third-party app.

Reasons You Need A Website Privacy Policy

Several potential FTC guideline violations can be simply addressed in a privacy policy. Doing so may save you from an FTC investigation.

Besides, nation-state borders are easily crossed online — passports are not needed. However, if people in the United Kingdom or Canada (or any other country) can interact or purchase products or services through your site, then your site must comply with UK and Canadian (or whichever countries) online privacy laws.

And guess what? Online privacy laws are a lot stricter in Europe and elsewhere.

What Should A Website Privacy Policy Include (At A Minimum)?

At a minimum, your website privacy policy should address concerns with:

(1) Notice;
(2) Consent;
(3) Choice;
(4) Access to Data;
(5) Transfer of Data.

Bear in mind that the previous five points are a bare minimum and do not fully guarantee that issues and problems won’t arise. Should problems arise, particularly in Arizona, and consumer data is breached you could face severe consequences. Here is an example of what the Arizona Revised Statutes say (Ariz. Rev. Stat. § 44-7501):

Arizona requires a person that owns or licenses computerized data that includes personal information to conduct an investigation when it becomes aware of unauthorized access to unencrypted personal information to determine if there has been a breach. If the investigation determines a breach has occurred, a person must notify the individuals affected. The disclosure is to be made without unreasonable delay, subject to law enforcement needs and internal investigations to restore the data integrity. Arizona further requires that a person that maintains computerized data that includes personal information that it does not own or license disclose any security breach to the owner or licensor immediately following the discovery.

Notice can be given (A) in writing, (B) by email, (C) by telephone or (D), in certain circumstances, by substitute notice that includes email, posting on the person’s website and notification by statewide media. Notification is not required if, after reasonable investigation, the person or law enforcement agency determines that a breach has not occurred or is not likely to occur. Personal information means a person’s first name or first initial and last name in combination with one or more of the following that is not encrypted or redacted: (A) social security number, (B) driver’s license number or identification card number, and (C) account number, credit card number, or debit card number in combination with security code, access codes or password. A person who complies with federal notification requirements or security breach rules, and a person who maintains notification procedures as part of an information security

Why You Shouldn’t Copy Another Website Privacy Policy

If your web property is in need of a privacy policy, simply copying a privacy policy from another site doesn’t cut it, and, technically could be considered copyright infringement.

To ensure your website is in compliance with state and federal regulations, contact us today!

Let's Talk » »
Legal Disclaimer | Privacy Policy | Terms of Service
© 2017 Kelly Warner Law PLLC. All Rights Reserved.
800: 1-866-570-8585
Office: 480-588-0449