Ensure Compliance with Streamlined & Automated Privacy Policy Management
In 2019, the FTC issued a whopping $5 billion fine to Facebook over its mismanagement of data from approximately 87 million profiles. The fine – the largest imposed on a company for “violating consumer privacy” according to the Commission – capped a yearslong saga that (among other things) kickstarted a reckoning about how consumer data is used and how that use is disclosed.
If you own or lead marketing for a small or medium-sized business, your website doesn’t handle Facebook-levels of consumer data. But that doesn’t mean you should neglect your website’s approach to data – it’s likely top of mind for visitors as well as the State of California and the European Union.
According to a recent Pew Research Center study, 79% of surveyed U.S. adults say they are either “somewhat or very concerned about how companies use data collected” on them.
As a consumer, you may share similar concerns. As a business owner, you also likely understand that data your website and third-party diagnostic tools collect can be leveraged to provide better services and information to your customers.
It follows that your goal as a business owner should be to show web visitors that you understand their privacy concerns and take a thoughtful, responsible approach to how their data is managed – while streamlining their creation, ensuring they are comprehensive so they satisfy CCPA and GDPR requirements (even if you don’t have to – today), and automating their maintenance. If you use a template someone found on the web or your privacy policy has not undergone a thorough, legal review, you likely are not compliant with CCPA and GDPR and may be falling short of prospect expectations. The same goes for terms of use and cookie policies.
The best and simplest way to do it? With a privacy policy, terms of use, and cookie policy created and managed by Termly.
Privacy Policy 101
What Is a Privacy Policy?
A privacy policy is a statement an organization or entity makes about how it handles personal information. Handling, in this context, refers to how data is “collected, used, stored or destroyed” according to the International Association of Privacy Professionals.
Privacy policies let visitors to your site know you or a connected app may collect, use and / or share their Personally Identifiable Information (PII). PII can include non-sensitive information, like a zip code, or sensitive information, like a full name.
In addition to informing people about what may happen to their data and what kind of data is collected, policies must apprise individuals about any rights they may have regarding how their data is used.
Why Do Websites Need Privacy Policies?
Part I: The Laws
The United States does not currently have a unifying federal law governing how consumer data is protected. Instead, a confusing patchwork of regulation (at both the state and federal levels) exists.
Below are the two pieces of privacy legislation that most commonly apply to websites run by U.S.-based companies. If your business meets the criteria of any act or regulation below, your website must, legally, have a privacy policy.
1. California Consumer Privacy Act (CCPA)
CCPA is the piece of legislation that owners of U.S.- based businesses with a national scope should be most cognizant of.
It applies to for-profit companies that are based in or do business in California that either have a gross annual revenue over $25 million, handle the PII of over 100,000 California residents, or derive more than half of their annual revenue by selling California residents’ PII.
2. General Data Protection Regulation (GDPR)
GDPR is an expansive EU law that regulates data protection and privacy and is something any business that operates internationally should be aware of. It applies to any company that operates in the EU, conducts business in the EU or “monitors the behavior” of EU residents.
Companies who violate the acts and regulations above by not having a privacy policy may be fined.
Part II: The Apps
Even if your business doesn’t collect or use consumer data, your website may use an app that does.
Many apps, including Google Analytics, Google Merchant and HubSpot require you to have a privacy policy if you use their product(s).
Google Analytics, for example, is a third-party service that collects user data. If your website uses Google Analytics, you are required by Google (in the form of a privacy policy) to disclose that information to visitors.
But Do I Really Need a Privacy Policy?
Yes.
Even if you don’t think you meet any of the above criteria, it’s still a very good idea to have a privacy policy. It makes good business sense, it conveys your credibility and is, frankly, just the right thing to do.
When people visit your website and give you their personal information, they put their trust in your business – it’s your responsibility to make them feel that trust is earned. Having a privacy policy on your website is an easy way to build credibility; it’s a sign to visitors that you are serious about safeguarding their data.
Beyond the ethics, not having a privacy policy could actually harm your business.
A McKinsey study found that a whopping 87% of the respondents they surveyed about consumer data issues “said they would not do business with a company if they had concerns about its security practices.”
Don’t give visitors an opportunity to doubt your ability to protect their data by not publishing a privacy policy on your site.
Why Use Termly to Create & Maintain Your Privacy Policy
When creating a privacy policy for your website, you could create it on your own. Plenty of templates exist on the internet but, if you aren’t an expert, there is no guarantee that the policy is wholly compliant. Further, the onus is on you to update the policy as rules and regulations change.
Alternatively, you could use a lawyer to draft a policy. While it will likely be airtight, it will also almost certainly be costly. And, as above, you will have to work with the lawyer continuously to update the policy as regulations change.
If your website needs a simple but effective privacy policy, consider using Termly, which creates privacy policies for companies quickly and cost effectively. After filling out information about your business (which generally takes no more than a half hour), Termly will generate either a one-time policy free or charge or a continuously updated policy for under $200 annually.
Unlike DIY and lawyer-drafted policies, Termly does the heavy lifting for you. With privacy laws constantly in flux, you can rest assured that Termly will keep your policy up-to-date at no additional cost. The same goes for your terms of use and cookie policy.
Get Started Today
Having a privacy policy on your site is a no-brainer and so is generating your policy with Termly. Contact us if you would like an authorized agency partner to get you set up quickly so you never have to think about privacy policies, terms of use, and cookie policies again.
