Privacy Policy: Say What You Mean and Mean What You Say
A privacy policy is a legal statement explaining how your business collects, handles, processes, and respects the personal data collected from your customers on your website or app. You need one if you collect user data on your digital marketing platforms.
Privacy laws are a mish-mash of federal and state regulations. Many of your connected website apps will require you to have a privacy policy, even if no specific law requires you to have one. Here are some regulations that can help you figure out what may apply to your business:
The Federal Trade Commission Act: Regulates commercial practices.
Electronic Communications Privacy Act: This brings computer and other digital communications interceptions into what used to be called the Wiretap Act. It protects electronic communications from interception.
Computer Fraud and Abuse Act: Makes unauthorized computer and data access illegal. This law was intended to criminalize hacking but it is considered by many to be overbroad and have unintended consequences.
Children's Online Privacy and Protection Act: Requires parental consent before collecting information from children under the age of 13.
CAN-SPAM: Controlling the Assault of Non-Solicited Pornography and Marketing Act: Governs deceptive email marketing. We will discuss this more at a later date.
Financial Services Modernization Act: Governs personal information use by financial institutions.
Fair and Accurate Credit Transactions Act: Requires creditors and other financial institutions to maintain identity theft prevention programs.
Many states also have specific privacy laws. California's law, called the California Online Privacy Protection Act , is the most comprehensive and strict nationwide, so most companies use it for guidance when structuring their privacy policies. If your customers could come from all over the country, you should include California provisions in your terms and conditions.
If you have global customers or website visitors make sure you're meeting all the necessary legal requirements.
The two most important aspects of the privacy policy are (1) draft one if you collect so much as a name and email from your customers and (2) follow your own policy. Beyond that, make sure you have data security measures in place. Look into cyberliability insurance.
