Bringing Your Business Online: Privacy Policy
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these businesses, we are preparing a series of articles discussing some of the more important legal issues to address when moving your business online. In Article 1: Website Terms, we discussed online terms and conditions to protect your business.
The next element to consider is a privacy policy. A privacy policy is a document that discloses:
The most important thing about a privacy policy is that it reflects the business’s actual practices. The Federal Trade Commission and state attorney generals have brought enforcement actions and imposed fines and monitoring orders against businesses that have not followed established privacy policies. This also means that the policy needs to be updated whenever the business’s collection, usage and disclosure practices change over time.
There is no one law that governs privacy policies or that prescribes what to include. Federal laws impose specific requirements for businesses in the health care and financial services industries and for businesses that collect personal information about children. A few states also have laws requiring privacy polices if a business collects personal information from residents in those states. If a business is targeting residents of the European Union (EU), then the requirements of the EU’s General Data Protection Regulation (GDPR) also apply. Certain popular Internet tools, such as Google Analytics and Facebook Lead Ads, also require privacy policies.
It is tempting to just copy a privacy policy from another website, especially when you are rushed for time. However, there is danger in doing this, as the other company’s privacy policy may not address laws that apply to your business. Even worse, the other company’s information collection, usage, security and sharing policies are probably different from those of your business. You expose your business to unnecessary liability because you will not be following “your” privacy policy. It is much safer to construct your own agreement tailored to your business.
If your website does not have a privacy policy, we would be happy to discuss your requirements and assist you. Partridge Snow & Hahn Partner John Ottaviani has over 25 years of experience bringing businesses online and can provide the guidance needed to make the transition as painless as possible. He can be reached at jottaviani@psh.com or 401-861-8253.
Click here for a shareable PDF of this article.
Article 2: Privacy Policy
The next element to consider is a privacy policy. A privacy policy is a document that discloses:
- What personal information the business collects from individuals online;
- How the personal information is collected;
- How the business uses the personal information;
- How and to whom the business discloses the personal information;
- How the business manages and stores the personal information that it collects; and
- How the individuals can correct the personal information.
The most important thing about a privacy policy is that it reflects the business’s actual practices. The Federal Trade Commission and state attorney generals have brought enforcement actions and imposed fines and monitoring orders against businesses that have not followed established privacy policies. This also means that the policy needs to be updated whenever the business’s collection, usage and disclosure practices change over time.
There is no one law that governs privacy policies or that prescribes what to include. Federal laws impose specific requirements for businesses in the health care and financial services industries and for businesses that collect personal information about children. A few states also have laws requiring privacy polices if a business collects personal information from residents in those states. If a business is targeting residents of the European Union (EU), then the requirements of the EU’s General Data Protection Regulation (GDPR) also apply. Certain popular Internet tools, such as Google Analytics and Facebook Lead Ads, also require privacy policies.
It is tempting to just copy a privacy policy from another website, especially when you are rushed for time. However, there is danger in doing this, as the other company’s privacy policy may not address laws that apply to your business. Even worse, the other company’s information collection, usage, security and sharing policies are probably different from those of your business. You expose your business to unnecessary liability because you will not be following “your” privacy policy. It is much safer to construct your own agreement tailored to your business.
If your website does not have a privacy policy, we would be happy to discuss your requirements and assist you. Partridge Snow & Hahn Partner John Ottaviani has over 25 years of experience bringing businesses online and can provide the guidance needed to make the transition as painless as possible. He can be reached at jottaviani@psh.com or 401-861-8253.
Click here for a shareable PDF of this article.