What are Website Policies?

Small business owners have a lot to worry about – salaries, business plans, clients, the actual product or service that they are offering, marketing, and much more. One requirement that often slips through the cracks is privacy law compliance. In truth, privacy requirements can seem daunting and confusing. One of the main reasons behind this confusion is that there are no resources that spell out privacy compliance requirements in plain language all in one place. Here is a brief overview to hopefully give you a better understanding of what some of the policies are and why you need them as a business.

Many small business owners have not received a formal introduction to privacy requirements. As such, the best place to start is with a description of the most important concepts. First, the term “privacy” is defined as the state or condition of being free from being observed or disturbed by other people. Privacy has also been defined as the right to be left alone. The individual’s right to privacy has been spelled out in the constitutions of certain states and countries. Meanwhile, others regulate this privacy via laws that protect the privacy of consumers online. Second, Personally Identifiable Information (PII) is any information that could identify someone or any information that relates to an identifiable person. Examples of PII include: Note that PII may also be referred to as “personal information” or “personal data.”

What is a Privacy Policy?

A Privacy Policy is a document that discloses what personal information you collect on your website, what you do with that information, and who you share it with, amongst other disclosures. Your website needs a Privacy Policy if you use it to collect personal information such as names and emails. Most websites collect personal information through contact forms or email newsletter sign-up forms.

If your website gets inquiries from across state lines, your business may be required to comply with multiple state privacy laws.

Why you need to keep your Privacy Policy up to date

Several states have proposed privacy bills that, if passed, would require websites that collect personal information to have a compliant Privacy Policy. These bills have different requirements for the disclosures that need to be made in a Privacy Policy and would impose heavy fines for failing to include those disclosures. Some states are proposing to allow consumers to sue businesses directly for not having a compliant Privacy Policy.

Fines for violations of privacy laws start at $2,500 per violation (per website visitor).

What are Terms & Conditions?

Terms & Conditions limit a company’s liability. If a user clicks a link to a 3rd party site that is hacked, and then that user gets hacked, a Terms & Conditions helps prevent that business from being sued.

Bonus fun fact: A Terms and Conditions (aka Terms of Use) can provide a DMCA Notice, which can help your business from being sued for improper use of copyrighted material (like licensed images).

What is a Cookie Policy?

A Cookie Policy further explains what cookies you use on your website and for what purposes. If you need to comply with privacy laws such as GDPR, UK DPA, PIPEDA and/or CCPA (while assuming your website uses cookies, as most do these days), you are required to provide these details so website visitors can understand what cookies you are placing on their browser.