Attorneys for Family, Business & Life
Schedule a Consultation 855.973.8877
What Should Be in Your Privacy Policy?

What Should Be in Your Privacy Policy?

What should be in your privacy policy? Website privacy policy considerations must include and adhere to the privacy laws and regulations of the state and federal government.

email privacy concept image

States such as California have enacted legislation to protect their citizens when visiting websites that collect personal information. This legislation applies to all websites that “collect personally identifiable information through the Internet about individual consumers residing in California…” In other words, if California residents visit your website, you need to have website privacy policy that complies with California law. In order to avoid liability, California lists the specific subsections the policy must address. Here is a summary of the list:

  • Identify the personally identifiable information that is collected through the site.
  • Describe any processes available for consumers to review and request changes to the data collected.
  • Identify how consumers are notified of changes to the privacy policy.
  • Identify the date the privacy policy becomes effective.
  • Disclose how the website handles various “do not track” web browsing mechanisms.
  • Disclose whether or not third parties are able to collect personally identifiable information while the individual uses the site.

Complying with this list of requirements may seem simple. But, without a full website audit, many nuances may be missed. Each one of the listed requirements carries with it important complexities which must be fully understood. Without a complete understanding it can be difficult to implement an adequate privacy policy.

Another challenge facing websites is identifying personally identifiable data. The Federal Trade Commission has identified proposed rules to define personally identifiable information as any information “linked or reasonably linkable to a consumer or a consumer’s device.” It is highly unlikely that any business website is not collecting this data. With digital marketing efforts now requiring a comprehensive “internet of things” data becomes the commodity.

You may not believe that your website is subject to these data privacy requirements, but until an audit is conducted, a full determination cannot be made. Many online companies have left themselves vulnerable to liability from California’s privacy policy requirement because they collect such data.

It should also be noted that having a website privacy policy is not enough. Section Five of the Federal Trade Commission requires that companies follow through with their listed website privacy policy. An unimplemented website privacy policy is just as bad as no privacy policy at all.

Having experienced attorneys conduct a website privacy policy audit and review can help create a compliant website privacy policy. The digital business law attorneys at Smith Simmons, PLLC are ready to help new and existing websites meet new standards in online privacy protection. We are prepared to help your online business remain compliant and succeed in today’s digital business world. Contact us today.


Discuss Your Legal Matter

Call or use the contact form below to consult with an experienced Oklahoma City attorney.
    • Please enter your first name.
    • Please enter your last name.
    • Please enter your email address.
      This isn't a valid email address.
    • This isn't a valid phone number.
    • Please make a selection.
    • Please enter a message.