January 18, 2019

Website Privacy Policy Best Practices

Data, and how it is collected, is a question that every website owner must address. Most websites have a dedicated Privacy Policy page or PDF containing their privacy policy statement, which gives visitors full transparency about how the site handles different kinds of users and the data associated with them. Most businesses rarely revisit their website privacy policy after it is first written, but now more than ever it is time to make sure your policy aligns with best practices.

Businesses are increasingly investing in advanced analytics tracking and digital marketing, and a steady stream of data breaches has raised public interest in data protection. To help you evaluate how your site measures up, we've outlined several privacy policy requirements and best practices.

Privacy policy definition

A privacy policy can be defined as: “a legal document [or statement] that discloses some or all of the ways a party gathers, uses, discloses and manages a customer's data.”
 
The notice itself can range from a short paragraph to large blocks of legal language, depending on the complexity of the site. In general, an effective privacy policy provides:

  • Definitions of the user, the website, and any other relevant party.

  • How data is collected on your site.

  • How the collected data is used once it has been obtained.

  • What the visitor can do to have their data deleted.

Privacy policy requirements

GDPR, which took effect in May 2018, spurred many businesses and institutions to take a closer look at their privacy policies. It placed much stricter requirements on websites that collect data from individuals in the EU in any capacity. While the US has no single federal law stating that you must have a privacy policy, a number of federal and state laws suggest that you should, especially when they are considered in aggregate.

The bottom line: if you collect any data, you should have a website privacy policy. Data includes personal information such as email addresses, names (first and last, or a combined full name), billing and/or shipping addresses, and so on. It also includes data collected for site analytics and social media reporting, and any cookies your site sets for tracking purposes (e.g., Google Analytics).

Also note whether any third-party services collect data on your behalf. Examples include marketing software such as Mailchimp, Pardot, and Documatix. Payment gateways are another case: if your site takes payment by credit or debit card or through PayPal, the gateway is collecting data from your users.

Privacy policy example

According to the BBB, a privacy policy template can be built from the following items:

  • Policy (what personal information is being collected on the site)

  • Choice (what options the customer has about how/whether her data is collected and used)

  • Access (how a customer can see what data has been collected and change/correct it if necessary)

  • Security (state how any data that is collected is stored/protected)

  • Redress (what a customer can do if the privacy policy is not honored)

  • Updates (how policy changes will be communicated)

Where does the Privacy Policy live?

Once the privacy policy page is built, many organizations wonder where to place the link. We recommend a Privacy Policy link in the site's global footer, so the policy is reachable from every page. In addition, many content management systems (CMS) and third-party solutions can show a popup that requests the consent GDPR calls for. That popup should also link to the privacy policy page so visitors can read the full text.
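The consent popup described above, as an added example that is not part of the original post (and not ZAG Interactive's code): a minimal JavaScript banner that records the visitor's choice in a first-party cookie, links to the full policy page, and loads the analytics tag only after consent has actually been recorded. CONSENT_COOKIE, PRIVACY_POLICY_URL and ANALYTICS_SRC are placeholders, not values from this page.

```javascript
// Added example (not from the original post): a minimal consent banner that
// records the visitor's choice in a first-party cookie and loads the analytics
// tag only after consent has been granted. The three constants are assumptions:
// substitute whatever cookie name, policy URL and tag URL your site uses.
const CONSENT_COOKIE = "site_consent";                    // assumed cookie name
const PRIVACY_POLICY_URL = "/privacy-policy";             // assumed policy page
const ANALYTICS_SRC = "https://example.com/analytics.js"; // placeholder tag URL

// Parse a document.cookie-style string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name) jar[name] = decodeURIComponent(value);
  }
  return jar;
}

// Consent state recorded in the jar: "granted", "denied", or "unknown" when
// the visitor has not answered yet (or the cookie holds an unexpected value).
function consentState(cookieString) {
  const value = parseCookies(cookieString)[CONSENT_COOKIE];
  return value === "granted" || value === "denied" ? value : "unknown";
}

// Only an explicit "granted" may load tracking. "unknown" must never be
// treated as consent; an unanswered banner has to behave like a refusal.
function shouldLoadAnalytics(cookieString) {
  return consentState(cookieString) === "granted";
}

// Cookie string that records the choice for one year. SameSite=Lax and Secure
// keep the consent cookie itself from being sent cross-site or over plain HTTP.
function consentCookie(granted, maxAgeSeconds = 365 * 24 * 60 * 60) {
  const value = granted ? "granted" : "denied";
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

// Escape text before interpolating it into HTML so a policy URL taken from
// configuration cannot inject markup into the banner.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Banner markup: the accept/decline choice plus a link to the full policy page.
function bannerHtml(policyUrl = PRIVACY_POLICY_URL) {
  const href = escapeHtml(policyUrl);
  return (
    `<div id="consent-banner" role="dialog" aria-label="Cookie consent">` +
    `<p>This site uses cookies for analytics. ` +
    `<a href="${href}">Read our Privacy Policy</a>.</p>` +
    `<button data-consent="granted">Accept</button> ` +
    `<button data-consent="denied">Decline</button></div>`
  );
}

// Browser entry point. Returns what it did so the logic is checkable; guarded
// so the file also loads outside a browser (doc is null there).
function initConsent(doc) {
  if (!doc) return null;
  const state = consentState(doc.cookie);
  if (state === "granted") {
    const script = doc.createElement("script");
    script.src = ANALYTICS_SRC;
    doc.head.appendChild(script);
    return "loaded";
  }
  if (state === "denied") return "declined";
  // No answer yet: show the banner and wait. Nothing is loaded meanwhile.
  const wrapper = doc.createElement("div");
  wrapper.innerHTML = bannerHtml();
  doc.body.appendChild(wrapper);
  wrapper.addEventListener("click", (event) => {
    const choice = event.target.getAttribute && event.target.getAttribute("data-consent");
    if (!choice) return;
    doc.cookie = consentCookie(choice === "granted");
    wrapper.remove();
    initConsent(doc); // re-evaluate: loads the tag only if the choice was "granted"
  });
  return "prompted";
}

initConsent(typeof document !== "undefined" ? document : null);
```

The check worth running against any CMS or third-party banner is the one this example enforces: open the site in a fresh private window and confirm in the browser's developer tools that no analytics request is made and no tracking cookie is set until Accept is clicked, and that the banner links to the actual policy page.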

Finally, have a lawyer check the final wording before it goes live, to make sure the policy captures every nuance your website and your business need to cover. Have questions? Feel free to reach out to the team at ZAG Interactive. We are happy to advise on privacy policy best practices as part of a website redesign or marketing initiative.

Sources: Identity Theft Resource Center, Termsfeed.com

  • Analytics
  • Legal Watch
  • Regs & Legislation

posted by
Rachel Avery Conley

ZAG Interactive is a full-service digital agency in Glastonbury, CT, offering website design, development, marketing and digital strategy to clients nationwide.