There are some really fun and creative aspects of running a website, especially if you are just starting up a new business and showcasing your talents online. Then, there are some boring and undesirable aspects, many of which go unnoticed by customers, but are essential to your success.
Legal documents, including contracts and tax forms, are not what most people see as fun things to deal with. Without them, though, you are toast.
In almost every case, the answer is yes.
In the article below, you'll learn about privacy policies and whether you need one for your website.
Privacy policies are legal documents that are meant to protect both the provider and the customer. They outline exactly how data is collected from visitors to the website and explain what the data is used for.
When a business runs a website, there is almost always at least one way they collect potential and current customer information. Many popular website builders allow you to easily add in contact forms and widgets that collect names, addresses, phone numbers, email addresses, and more.
Here are some common practices that business websites use that will require privacy policies:
- Asking people to sign up for emails
- Offering discounts and coupons in exchange for phone numbers and email addresses
- Including name and contact information boxes in contact forms
- Creating sales funnels that ask for email addresses
- Offering digital products that require contact information for download
- Selling any product through e-commerce
- Social security numbers
- Dates of birth
- Phone numbers
- Email addresses
- Bank details
It is very common for businesses to collect this type of information in contact forms, subscription sign-ups, account registrations, and shopping carts during check-out.
The United States has a long history of enacting laws that protect personal information. The Privacy Act of 1974 placed restrictions on how government agencies could collect and use personal data. In the '90s, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm–Leach–Bliley Act (GLBA) protected health and financial information.
In 2000, the Children's Online Privacy Protection Act set out to protect the personal information of any child 12 years old and younger.
It is important to understand the various laws that protect personal information and apply that knowledge to your business practice. For example, you should be aware of protections for younger children, and not attempt to extract and disseminate customer information about finances or health unless you are legally allowed.
When it comes to privacy laws in the United States, federal law may have basic requirements, but you will need to follow the strictest laws put out by the states. You want everyone to be able to access your site, even if they are out of state.
The personal information that the law covers includes:
- First and last names
- Phone numbers
- Email addresses
- Physical addresses
- Birth dates
- Social Security numbers
- Any contact information shared online or physically
- Any information stored online that could potentially identify a person
To comply with CalOPPA, your policy must include:
- Exactly what types of data you collect, and how you use that collected data
- Explanation of how users can request amendments to personal data collected by you
- Any affiliated organizations that you share data with
- Details about the third parties who use your website or app to collect data
- How you will inform users of policy changes
- A "Do Not Track" clause and the ramifications of users making a "Do Not Track" request
Do Not Track Clauses
A "Do Not Track" (DNT) clause is a way that users can request to block behavioral tracking from other services that are affiliated with your site, including Google Ads.
It is mandatory to include a DNT clause in privacy policies, but surprisingly, even California law does not require businesses to honor a DNT request. The only required action is that you include a section explaining how you will respond to DNT requests.
For example, all you need to do is include a paragraph explaining that you will not honor DNT requests, and users can follow a link or contact you for further information.
If your website is or ever will be pulling in international traffic, you will need to consider international laws as well. For example, the European Union has a similar stance to California in that any website that operates out of the European Union or does business with EU residents must comply with EU law.
The EU has the General Data Protection Regulation (GDPR) law, which regulates data gathering and handling and protects it from misuse.
- Data must be collected and processed in an ethical manner, only to be collected and used for predetermined reasons
- Users can request that data be updated for accuracy
- Businesses must make sure they follow GDPR law consistently and advise users of their 8 rights protected by the GDPR
- The Data Protection Officer or another contact of the business collecting data must be accessible to users and is responsible for handling complaints
- Businesses must make users aware of the reasons for data collection, and the length of time it will be kept, as well as who the data will be shared with
The GDPR requires that your policy obtains active consent from users before you begin collecting any data.
To keep yourself legally protected and to be able to collect data from all users, it is best to cover all of your bases.
If you offer someone a cookie, they are almost definitely going to take it; however, in the world of data, cookies get a bad reputation. Almost every website you visit now has popups that ask for your consent to track your cookies.
A cookie consent box must provide information or a link to information for users to understand what types of cookies are being used, including from third parties, why, and how you place them on devices.
There are many free services you can use that will allow you to input information about your business, and your use of data to generate a policy. Each business will have a unique policy according to its practices, but in general, you can follow a template.
At the very least, your policy should follow this format:
- Official business name and contact information
- Each type of personal information you collect with an explanation of how you collect it
- Your reasons for collecting each type of data
- How you use each type of data
- Which third parties you share data with and how
- How a user can opt-out of data collection and request a copy of any data already collected
Once you have written out all of that information, you should check local laws and add any extra information that is required. Then you should check with all of your third-party affiliates to make sure you are following their policies as well.
Making Your Website Ready for Users
The web design trends you see on social media mainly focus on animation, videos, and eye-catching colors. While these efforts are great for drawing new customers in, you won't be able to legally or ethically run your website until you make some other changes.
What other legal documents and processes should you have in place to make sure your website is ready for users?
Does My Website Need Terms and Conditions?
A terms and conditions page outlines how your website is to be used. It acts as a contract between you and the user that could be used in a court of law in cases of disputes or crimes.
A terms and conditions page could:
- Limit your liability in a lawsuit
- Protect your website's content
- Set the governing law that would handle legal issues
The bottom line is that you are limiting your liability for any errors in your content or offensive content posted on your site. You are also protecting your rights to your own content.
It is up to you if those protections are important enough to bother writing one up!
Having an accessible website means that all users can experience and enjoy your content and become valuable customers. Unfortunately, many businesses do not take this seriously and lose out on a large customer base.
You can achieve an accessible website by using a content management system that supports accessibility. You should correctly use the tools to create content that your system can manipulate properly and easily. This means using headers correctly and including great alt text for images.
There are many ways to ensure your website is functional and everyone can use it. Speaking to a professional web designer will ensure the accessibility of your website is perfect.
Give Your Site a Refresh
Contact Design Epicenter to get started on your new website today!
The information provided in the article is offered purely for informational purposes and should not be relied upon as legal advice. We intend to make every attempt to keep this information current. We do not promise or guarantee, however, that the information is correct, complete or up-to-date, and internet subscribers and online readers should not act based upon this information without seeking professional counsel from an attorney admitted to practice in your location.