Do I Need A Privacy Policy For My Website
So you've got yourself a solid website with fun graphics and nifty coding. It's a joy to navigate. The last thing on your mind is a detailed privacy policy for your online commerce, cookies, analytics, ad campaigns, comments—look, I'm boring you already. Sorry if we're bursting your bubble - but that text is one of the most important pieces of content on the entire website. Not having one could land you in trouble. It's time to talk about privacy policies. You might be wondering if you even need a privacy policy for your website. The short answer: yes, you probably do. Our good friends at HHG Legal Group provided us with relevant info for business owners looking to add a privacy policy to their site. Here's the lowdown.
Hold up. What's a privacy policy?
A privacy policy is a legal text. It tells the user or customer how and why your website collects, and stores, shares, analyses and protects their data. A privacy policy also lets the user know their rights and protects theirs and your interests.
Ok, so why is this important?
Websites interact with users in a variety of ways. For example, a website could collect data on your IP address and location, email addresses, or even monitor how long you spend on certain pages. This personal data can then be used for various purposes - and that's where data protection laws come into play. Website owners should be aware of their obligations under the Australian Privacy Act (1988) as well as relevant international data privacy laws. It's not uncommon for (very big) fines to be dealt out for non-compliance. Even companies like Google have had to swallow fines up to $57 million for not disclosing how their data was being used across its services.
Do I Need A Privacy Policy For My Website?
Not all businesses require a privacy policy. However, according to the Privacy Act 1988, if your business has an annual turnover of more than $3 million, or your website collects any customer data - you're going to need a privacy policy. Customer data can be any personal details, for example:
- Names
- Email addresses or physical addresses
- Bank account details
- Phone numbers
- Data from google analytics, Adsense, eg. location data, photos, clicks.
A website privacy policy is good for business
Letting your users know what personal information you're collecting and how you're using it isn't just the law. It's also a good practice more generally. If you were browsing a shop in the real world, maybe ordering a coffee and the cashier was like "great, can I also collect your email address and personal address, oh and just to let you know, we're monitoring how long you spend in our shop" - you'd want to know why. A privacy policy keeps your business transparent and helps you gain trust amongst your users and customers. These days - that's a big deal. No one wants to even feel like they might be scammed.
What do I need to include in a website privacy policy?
So you need a privacy policy - and you're wondering how to start. Depending on your business and what personal data your website collects and how that is being used, you'll want to make sure you cover these:
- What kind of data you're collecting
- Why you're collecting it
- How do you collect, store and use it
- How do you use 'cookies' on your site
- Where and to whom you disclose it
- How users can access and change their data
- Ways for users to contact you
What should a privacy policy look like?
Creating a privacy policy may be a legal obligation for your business - but it's not always easy to know how to start. A privacy policy should be:
- Accessible. Basically don't use pt 6 font, and don't make it impossible to find.
- Easy to understand. Avoid using complex language. This isn't helpful for anyone.
- Compliant with relevant legal obligations.
Want to find out more on how to write the perfect privacy policy for your website? Why not hear it from the experts - check out their blog here.
Different breeds of privacy policies
Different types of privacy policies will look different depending on the platform and what the business aims to collect. Here are some examples:
Online Blogs
If your blog has an ad campaign running, or you're allowing public comments on your site - you will need to look at posting a disclaimer and inform readers about your cookie policy that might be tracking them while on your site.
Email campaigns
An email campaign can either be super successful or very costly - depending on which side of the law you fall. Australia's spam act prohibits unsolicited commercial messages - so make sure your users and customers are given a heads up by:
- Getting consent via opting into your mailing list.
- Provide a link to your privacy statement when they opt-in.
- Give your recipient a way to unsubscribe - every time.
eCommerce sites
Any platform set up to take people's money in exchange for goods and services will need to meet some strict standards. First up, you're dealing with sensitive personal data: credit card details, phone numbers, and addresses. An eCommerce site will need to disclose how and where the data is being collected and stored, including by third parties.
Apps
Applications available on Google Play and Apple stores are required to have privacy policies registered with them detailing how data is being collected and used. If your app collects data - you should always check with a lawyer to ensure you're above board.
Can I write my own privacy policy?
Technically, yes. There are plenty of free online privacy policy builders - some of which are better than others and will probably back you up 90% of the time. But ultimately, a privacy policy is a legal document that must comply with the relevant Australian privacy principles and standards. So unless you're a fully qualified lawyer with experience in privacy law - you might want to leave this one to the experts.
Summary
A privacy policy is an essential part of your online presence. Aside from an important legal requirement, it also protects you and your valued users' data and can help build trust between your company and your users. If your website lacks a privacy policy, or maybe you want to get yours reviewed - make sure you get the appropriate legal advice. Better safe than sorry, right?