3 Shortcuts To Avoid With A Data Privacy Policy

Emily B
Digital Marketing Ecosystems
6 min read · Apr 1, 2022

Photo source: Dayne Topkin on Unsplash

There are a lot of features that are useful, and often necessary, for a business, start-up, side-hustle, solopreneur, or creator (holler in the comments if I missed any!) to have a functioning website. These include security, contact forms, landing pages, about pages, branding…I could go on.

There are two features that website owners are legally required to include.

One is accessibility. This is something that’s been around throughout the 2010s and into today as part of the design process, and it’s something that’s starting to have a bit more of a bite in the web development space.

The other one is a privacy policy. If you collect any data at all — emails, analytics, contact information from a form — this is an absolute must.

(FYI — This article has affiliate links in it. I’m not recommending anything that I don’t already use on my own website, or wouldn’t recommend to clients myself to protect them from liability.)

“What, like for GDPR? I don’t have clients in Europe.”

If you collect data from anyone residing in a jurisdiction with data privacy laws on the books, you’re required to have a privacy policy that covers those visitors. This data could come from a contact form, PayPal purchase, or even from your analytics software.

As a website owner, while it’s Google’s responsibility to comply with these laws, privacy laws require you to disclose that you are using those products in your policy, and how that data will be used.

Furthermore, it’s not just GDPR anymore. As a brief taste of what the next few years have in store, this is an (incomplete) list of the laws requiring a privacy policy for most websites:

  • General Data Protection Regulation (GDPR);
  • UK Data Protection Act 2018;
  • California Online Privacy and Protection Act of 2003 (CalOPPA);
  • California Privacy Protection Act (CCPA);
  • Personal Information Protection and Electronic Documents Act (PIPEDA);
  • Delaware Online Privacy and Protection Act (DOPPA);
  • Nevada Revised Statutes Chapter 603A.

At the time of writing, at least a dozen other states are putting forward proposals for their own privacy laws, which would apply to most businesses. Given how fast this list is growing, this means that a lot of templated policies currently in use are out of date, or will be soon.

In addition, data privacy is hardly a matter of lip service. Data breaches over the last few years have been absolutely massive in scale, and governments are finally gaining the momentum to regulate just how much information businesses gather as a result. The aim is to stem the flow by making sure businesses think hard about what information they ask clients and visitors to give up. The GDPR alone has levied massive fines on larger corporations over the last few years:

While this is a list of large companies getting hit by fines, some of the laws dealing with data privacy don’t distinguish between a large company and your small business. Chances are, neither will a client who has had their data stolen. Fines for non-compliance can start at $2,500 per infringement (aka per website visitor) in some US states, and run up from there.

I generally take an ‘experiment and calibrate’ approach to web design. This is one of the areas which needs to be locked in properly from the start.

The ‘quick fixes’

There’s a lot of bad advice going around on how to get up to speed and up to date on dealing with data privacy at the individual website level. A few of the quick fixes people reach for, and why they can land you in hot water:

1. Copy and paste someone else's privacy policy with your own edits

In addition to the copyright infringement (hoo-raaaaay, litigation), you can’t guarantee that the policy you used was up to date with current laws, and you’ll be on the hook to ensure that it continues to be. Given the acceleration of data policy creation worldwide, do you really have the time and/or energy to do that?

2. Use a template you found online

This option is a popular one. A lot of reasonably reputable WordPress themes even come with a privacy policy included when they spin it up; StudioPress does a decent job of giving you something to work with — they even auto-generate the policy page for you. However, what you tend to end up with is a generic, static page. You’re still on the hook to keep this up to date. Better than nothing, but it’s a bandaid placeholder solution that’s not really meant to survive contact with a live server.

3. Write it yourself! You know my business best….right?

You….could?

But consider: there has been a lot of legal discourse on the best way to write a privacy policy. This is a topic that lawyers specialize in and keep track of. If that is not your specific niche, it is very likely that the policy you write would be full of holes, missing information and not meet the required standards.

Once again, there is an avalanche of privacy policies being passed worldwide, and they are not all the same. Do you really have the time, expertise and energy to keep up? If you have a lawyer on staff for data privacy, that would be ideal, but if you’re reading my articles here on Medium, you’re likely not in that minority.

Here’s what I do instead

When I ran my experiment to set up the Garden Nook Studio website in an evening, one of the core requirements I covered in that first pass was to set up a Termageddon account. Here’s why, from their FAQ page:

A key component of Termageddon’s offering is that their team monitors privacy laws, notifies you when the laws have changed and can even update your policies automatically with these new disclosure requirements. In other words, Termageddon monitors privacy laws so you don’t have to.

This means that for $10 per month, you can embed a policy on your website, and have the equivalent of a lawyer who updates your policies and updates the core file every time another privacy law drops.

That’s it. No extra bells, whistles, or extra features. You subscribe to the service and get an auto-updating privacy policy that actually stays updated and up to legal standards.

If you sign up with promo code GARDEN, or follow this link, you can get 10% off the first year that you subscribe to Termageddon.

To discuss analytics, quickstart web solutions, check out my other content, or discuss potential collaborative work, visit the contact page and drop a line to Garden Nook Studio.

Disclaimer

Garden Nook Studio is not a law firm and any information contained in this article is not legal advice and should not be treated as such. Any information on this Website should be used solely as a guide and does not replace the advice of a licensed attorney. You should always contact an attorney for help with your specific legal needs and issues. Depending on your jurisdiction, you may have to take additional actions to be in compliance with the law. Any use of the policies contained in this Website is at your own risk. Any communication between you and us is not subject to attorney-client privilege.

Emily B
Digital Marketing Ecosystems

Magpie for plots and processes. Solopreneur, Tech VA and Staff Writer at Garden Nook Studio.