Consultant’s Corner: Do I Need a Website Privacy Policy?
Q: If we do not collect customer data on our website, do we need to have a privacy policy?
We have provided legal reference information and general business comments below for your consideration; however, since your GSB general business consultants are not lawyers and do not provide legal services, you should plan to consult your attorney to help clarify the federal and state consumer privacy laws applicable to your business activities and to provide legal assistance with developing a privacy policy for your business, including the need to post the policy on your business website or other web pages.
Basically, privacy policies need to cover the handling of personal and confidential information (customers, employees, vendors, etc.) collected both offline and online. For discussion with your lawyer, you can review the following privacy policy considerations.
As Security Catalyst points out, privacy policies are not a “necessary evil”—they’re just necessary. Any business needs to protect personal information for customers and employees, and needs privacy policies that are tailored to that business’s specific needs. Your privacy policy lays out your company’s privacy practices that will fulfill legal requirements, and that is important.
One of the big challenges of crafting a privacy policy is that it has to cover every possible scenario, while being easy for your employees to follow. Digital records online, paper records in storage, old records that need to be disposed of—you have to cover every eventuality.
The Security Catalyst article mentioned above includes a list of 7 reasons your business needs a privacy policy, and they cover all the major bases:
- Protecting personal information of customers and/or employees
- Establishing privacy practices
- Legal and regulatory mandates
- The unique privacy challenges your business faces
- Activities such as cloud computing, social media, and more create new challenges
- Specific regulations in certain states and countries
- Affirmative privacy obligations for minors 12 and under.