Privacy Policies and small business websites

Does my website need a Privacy Policy?

In recent years, there has been a growing focus on online privacy, and consumers’ demand for stronger privacy laws is increasing. In 2018, the European Union enacted the General Data Protection Regulation (GDPR), which is the most comprehensive privacy law in the world. The GDPR has had a significant impact on the way websites collect and use personal information.

Since then, there have been a number of privacy laws enacted in the United States. As of April 2023, there are six states in the United States with comprehensive privacy laws for websites:

  • California: The California Consumer Privacy Act (CCPA) is the most comprehensive state privacy law in the US. It gives consumers a number of rights over their personal data, including the right to know what data is being collected about them, the right to delete that data, and the right to opt out of the sale of their data.
  • Colorado: The Colorado Privacy Act (CPA) is a newer state privacy law. Senate Bill 21-190 was signed on July 7, 2021. It is similar to the CCPA and VCDPA in many ways and will go into effect July 1, 2023.
  • Connecticut: The Connecticut Data Privacy Act (CTDPA) is another newer state privacy law. On May 10, 2022 Senate Bill 6 was signed: An Act Concerning Personal Data Privacy and Online Monitoring (also known as The Connecticut Data Privacy Act or “CTDPA”), making Connecticut one of the first states to pass a comprehensive consumer privacy law. The CTDPA takes effect on July 1, 2023.
  • Iowa: The Iowa Consumer Data Protection Act (ICDPA), Senate File 262, was signed by the Iowa House and Senate on March 28, 2023, making Iowa the 6th state with comprehensive consumer privacy legislation. It will go into effect on 1 January 2025.
  • Utah: The Utah Consumer Privacy Act (UCPA) is a state privacy law that was enacted in 2020. It is similar to the CCPA in many ways, but it also includes some additional protections, such as the right to be forgotten and the right to restrict the use of your data for targeted advertising.
  • Virginia: The Virginia Consumer Data Protection Act (VCDPA) is another comprehensive state privacy law. It is similar to the CCPA, but it also includes some additional protections, such as the right to know how your data is being used and the right to have your data corrected if it is inaccurate.

In addition to these six states, there are a number of other states with more limited privacy laws for websites. These laws may cover specific types of data, such as financial information or health data, or they may apply only to certain industries, such as healthcare or financial services. It is important to note that these laws are constantly evolving, so it is critical to stay up-to-date on the latest changes.

*As of this writing (April 2023), bills have been proposed in these US states that would affect Privacy Policy disclosures and business obligations:

  • Georgia – Georgia Data Privacy Act
  • Hawaii – Consumer Data Protection Act
  • Illinois – Illinois Data Privacy and Protection Act
  • Indiana – Consumer Data Protection
  • Kentucky – Consumer Data Privacy
  • Louisiana – Louisiana Consumer Privacy Act
  • Maryland – Online and Biometric Data Privacy Act
  • Massachusetts (3) – MA Data Privacy Protection Act
    • MA Information Privacy and Security Act
    • Internet Bill of Rights
  • Montana – Consumer Data Privacy Act
  • Mississippi – Consumer Data Privacy Act
  • Minnesota – Consumer Data Privacy
  • New Hampshire – Expectation of Privacy
  • New York (4) – Digital Fairness Act
    • New York Privacy Act
    • Consumer Right to Request Disclosure of Information
    • Personal Information Collection
  • New Jersey (3) – Online Personally Identifiable Information Disclosure
    • NJ Disclosure and Accountability Transparency Act
    • Commercial Internet Websites Consumer Information
  • North Carolina – North Carolina Consumer Privacy Act
  • Oklahoma – Oklahoma Computer Data Privacy Act
  • Tennessee – Tennessee Information Protection Act
  • Pennsylvania – Consumer Data Protection Act
  • Washington – People’s Privacy Act
  • West Virginia – Consumer Data Protection Act
  • Vermont

*Source: Termageddon

Here are some things to keep in mind:

What is a privacy policy?

A privacy policy is a legal document that explains how a website collects, uses, and stores website visitors' personal information.

Why do businesses need a privacy policy on their company website?

Most websites collect some form of personal information from their users, such as names, email addresses, and IP addresses. By having a privacy policy on the website, users are notified about how their information is collected and used, which can protect the company from legal liability.

What should be disclosed about data collection in the privacy policy?

Data collected from websites varies. Some basic data includes:

  • The types of personal information collected
  • How personal information is collected and used
  • How personal information is shared with third parties
  • How personal information is protected
  • How users can access, correct, or delete their personal information
  • How users can opt out of the collection or use of their personal information
  • Type of non-identifiable information that is collected (IP address, analytics, etc.)

How can a privacy policy be created?

There are many resources available to help you write a privacy policy. Business owners can hire an attorney to help draft a policy, or use an online platform such as Termageddon, which is used on the igrafix.com website. Termageddon offers a smart solution to keep privacy policies in sync with the various data protection laws in the United States, Canada, the United Kingdom, and the European Union.

Where should privacy policies be posted?

Privacy policies should be prominently displayed on the website, so that website visitors can easily find them. The privacy policy should be linked from all pages on the website where user data is collected. Generally, a link at the bottom of the website (the footer) ensures that the privacy policy is available on every page of the site.

Here are some additional tips for writing a privacy policy:

  • Use clear and concise language that is easy for users to understand.
  • Avoid legal jargon and technical terms.
  • Be honest and transparent about how you collect and use personal information.
  • Keep your privacy policy up-to-date as your website changes.

By following these tips, a privacy policy can be created that protects website visitors and helps business owners comply with the law.


Disclaimer: This blog post cannot and does not contain legal advice. The information is provided for general informational and educational purposes only and is not a substitute for professional advice. Accordingly, before taking any actions based upon such information, we encourage you to consult with an appropriate legal professional. We do not provide any kind of legal advice. THE USE OR RELIANCE OF ANY INFORMATION CONTAINED IN THIS BLOG POST IS SOLELY AT YOUR OWN RISK.

This post may contain affiliate links for your convenience.