Here’s the Q&A between Adam and I, all about privacy policies.
Q: Is it a law or just a good idea?
AN: Both. There’s a California consumer privacy law that applies to all types of websites, in all industries, even those based outside of California. It says that if your site collects “personally identifiable information” (PII) from your visitors, you need to publish a policy that tells people how you do that and how you use the information they give you. PII includes obvious things like your visitors’ names and emails, of course. But it also includes information that your website is probably collecting from visitors perhaps without your knowledge or theirs. So you should assume you need a policy. Also, if your business is any sort of regulated industry like health care, education or financial services, there are much more complex privacy laws that you’ll need to navigate.
Bottom line: don’t build your online marketing strategy on a foundation that violates the rules of Facebook and Google as well as the law.
AN: Yes. These laws (and the Facebook and Google rules) apply to all websites, from a simple one-page site to the world’s most sophisticated e-commerce sites.
AN: No, but that’s what I recommend because it’s easiest. The law says the policy must be posted “conspicuously” and lists a few examples of ways you can do that. But the simplest way is to place a persistent link on each page’s footer pointing to the policy page.
AN: Yes, the California privacy law is very specific about details you must disclose to website visitors. Most of them are pretty straightforward: tell people what types of PII you collect, what kinds of third parties you might share it with, and how you’ll let them know in the future if you update it. But there are some pretty technical details, too. For example, if you track visitors’ browsing habits after they leave your website, you need to state how your site responds to “do not track” tools that some visitors use.
Q: Do I really need a lawyer for this, or can I write my own?
Q: When do I need to update my policy?
Q: What else do I need to know?