Why Your Website Needs a Privacy Policy

The California Online Privacy Protection Act requires a website to “conspicuously post” a privacy policy if it “collects and maintains personally identifiable information from a consumer residing in California.”

“Personally identifiable information” is defined very broadly to include a first and last name, a physical address, an e-mail address, a telephone number, or any other information that permits the contact of an individual.  So, even if you are not selling a product, your website will need a privacy policy if visitors can submit their e-mail addresses to receive news and updates from you.

If a privacy policy is required, it must contain five items:

  1. Information Collected - The categories of personal information the website collects.
  2. The categories of third-parties with whom the company shares the information.
  3. How the consumer can review and request changes to their information collected by the company.
  4. How the company notifies consumers of material changes to its privacy policy.
  5. The effective date of the privacy policy.

If you are required to have a privacy policy, it must be “conspicuously posted.”  The policy is conspicuously posted if it:

  1. Appears on the homepage of your website – usually not an aesthetically pleasant option.
  2. The website can have an icon on the home page that contains the word “privacy” – not a bad option.
  3. The most popular option is to have a link at the bottom of the homepage that contains the words “Privacy Policy.”

Under the California Unfair Competition Law, website operators who do not comply with the California Online Privacy Protection Act could be sued by the California Attorney General, District Attorneys, County Counsel, or City Attorneys for "unfair competition."

Privacy policies vary depending on how the website collects and uses consumer information, but a good example is the privacy policy for Modify Watches, which can be viewed here.

The key is to make sure the privacy policy complies with the law while also making it easy for visitors understand. Too much legalese will just confuse and frustrate visitors trying to determine how their personal information is being collected and used by your website.

Disclaimer: This post discusses general legal issues, but it does not constitute legal advice in any respect.  No reader should act or refrain from acting on the basis of any information presented herein without seeking the advice of counsel in the relevant jurisdiction.  Doug Bend expressly disclaims all liability in respect of any actions taken or not taken based on any contents of this post.

Doug Bend is the principal of The Law Office of Doug Bend, a law firm focused on start-up and small businesses. He is also the General Counsel for Modify Industries, Inc. and tIFc LLC and a Legal Mentor in The Hub Ventures Program.

The Young Entrepreneur Council (Y.E.C.)The Young Entrepreneur Council (Y.E.C.) provides its members with access to tools, mentoring, community and educational resources that support each stage of their business’s development and growth. Our organization promotes entrepreneurship as a solution to youth unemployment and underemployment.

About Doug Bend

Doug Bend is the principal of Bend Law Group, PC, a law firm focused on small businesses and startups. He is also the General Counsel for Modify Industries, Inc. and tIFc LLC and a Legal Mentor in The Hub Ventures Program.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>