Privacy Policies for Your Web Site

Every web site needs a Privacy Policy describing the types of information it collects, how it is used, how it is shared, how it is stored and how it is protected. While there is currently no Federal law directly regulating the Privacy Policy, the regulations contained in other laws affect your web site and will be discussed below.

To date, with the exception of information about children under 13 regulated by COPPA, financial information regulated by the Gramm–Leach–Bliley Act, and health care information regulated by HIPPA, almost all laws concerning privacy originate in California.

I have written hundreds of privacy policies for e-commerce sites that want to sell into California, as well as privacy policies for companies that just want the public to know how they use their data. No respected web site would consider going without a privacy policy, and most of these are written to the California specifications.

Three New California Privacy Policy Laws Enacted in 2013: In October of 2013, California passed three new Privacy Policy laws. Web sites directed to residents of California will need to update their policies. Further, these new laws create greater liability for those who do not have a Privacy Policy than in the past.

Privacy Policies Problems Web Site Owners Create for Themselves: Many site owners have simply copied someone else’s privacy policy and are unaware of what they say, or the responsibilities the site owner has agreed to comply with. This is a very dangerous practice. Especially when the person you copied it from likely copied it from someone else’s website.

  1. Web site owners are bound by what their privacy policies state, and without using their own terms they could be in violation of their own privacy policy and not realize it.
  2. Many site owners do not realize proper formatting of the privacy policy is a matter of law regardless of what it says.
  3. Laws regarding privacy policies often change, and without continually updating your privacy policy, what was once a sound document two years ago is now outdated and potentially dangerous.