Data Privacy Policy: What It Is & Why You Need One (2024)

New data privacy legislation—including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)—has emerged to give consumers greater power and freedom over their own data.

As a result, it matters more than ever that you make clear in your company’s data privacy policy—to your customers and to others—how your company uses data.

Not only are data privacy policies important for compliance with different privacy legislation, but they also help set expectations with your website visitors. Visitors will know the types of data you’re collecting, why you’re collecting it, and how they can contact you with questions or concerns.

What is a data privacy policy?

A data privacy policy is a legal document that lives on your website and details all the ways in which a website visitor’s personal data may be used. At the very least, it needs to explain how your website collects data, what data you collect, and what you plan to do with that data.

In addition to living on your website, your data privacy policy also should be easily accessible to website visitors from any page they visit. That’s why you often see it in the footer of every page on a website, including our own:

[Image: the footer of the author’s website, showing the privacy policy link]

That link to our data privacy policy appears on every page of our website. If website visitors have questions about their data while they’re viewing our website, they can find the answer in one click.

One of the most important parts of your data privacy policy is that you need to give website visitors an easy way to contact your company. Including an email address, a mailing address, and possibly a phone number is the best way to do that.

Why you need a data privacy policy

There are a number of laws that require data privacy policies. Chances are one of the laws applies to your company.

If, for some reason, none of the laws apply to you, you still might be required to have a privacy policy because of the analytics tools, email tools, or advertising platforms that your company uses.

Legislation that requires a privacy policy

The legal landscape around privacy is constantly evolving. The GDPR is one of the most recent privacy laws to take effect, and the CCPA is going to take effect in just a few months.

California Online Privacy Protection Act (CalOPPA)

The California Online Privacy Protection Act went into effect in 2004 and was updated in 2013. It requires companies that collect personally identifiable information about California residents to have a privacy policy. Websites that collect information from Californians (such as name, contact information, telephone number, or social security numbers) must have their privacy policy hyperlinked from their home page, and must use the word “privacy” in that hyperlink. To comply, companies must do the following:

  • Detail the kinds of information you gather

  • Explain how that information will or could be shared

  • Explain how the website visitor can review and make changes to their stored information

  • Include the policy's effective date and an update on any changes that have taken place since then

Enforcement of CalOPPA falls to the California Attorney General’s Office.

Children's Online Privacy Protection Act (COPPA)

COPPA went into effect in 2000. It is designed to protect the privacy of children under the age of 13. If your company purposefully collects information from children, you must comply with COPPA. If you don't collect information from children under 13, it's a good idea to explicitly state that in your privacy policy.

To comply with COPPA, your company must:

  • Post a privacy policy

  • Make reasonable efforts to notify parents of how you collect and use their child’s data

  • Obtain parental consent

  • Provide a way for parents to review the data

  • Have procedures for data protection

  • Retain data only for as long as necessary

The FTC has fined companies up to $170 million for failing to comply with COPPA.

Gramm-Leach-Bliley Act (GLBA)

The GLBA is geared towards financial institutions. It went into effect in 1999, and, similar to the two acts above, this law requires financial institutions to notify their websites’ users of what data is collected, how it is used, and how it is protected. The GLBA defines financial institutions as “companies that offer consumers financial products or services like loans, financial or investment advice, or insurance.”

The one big difference between the GLBA and the other laws we’ve covered is that the GLBA requires financial companies to give visitors a way to opt out of sharing their data with nonaffiliated companies.

Failure to comply with the GLBA can result in fines of up to $100,000 for each violation, and even jail time for the person responsible for the violation.

General Data Protection Regulation (GDPR)

The GDPR is one of the most well-known data privacy laws, partially because it is so new, and partially because of how big the changes are as a result of it. The GDPR went into effect in 2018. If your company collects data from European Union citizens (whether as a data controller or a data processor), there’s a chance you must comply with the GDPR, even if your company isn’t located in the EU.

This data protection law covers a number of data protection and privacy practices, and like the others on this list, it requires a data privacy policy that explains the following:

  • What types of data you collect

  • What you do with that data

  • Why you need to collect that data

  • How long your data will be stored for

  • How customers can get in touch with your company

If your company is found to be in breach of the GDPR, it could be fined up to €20 million or up to 4% of the annual revenue.

California Consumer Privacy Act (CCPA)

The CCPA will go into effect on January 1, 2020. This law could affect your company if you collect data on residents of California. This law covers a lot of data privacy issues, but if we focus on just your data privacy policy, the CCPA requires that your company explain the following:

  • What data is being collected, and why

  • Whether that data is being sold or shared

  • Who that data is being sold or shared with

Failure to comply can result in fines of up to $7,500 per violation, regardless of whether the violation was intentional or not.

External tools that require data privacy policies

Along with specific pieces of legislation, external tools like Google Analytics and Facebook ads also require a data privacy policy:

  • Google Analytics: Their terms of service state, “You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies.” Along with that, you also need to explicitly state that your website uses Google Analytics and how that data is used.

  • Facebook Lead Ads: Not all types of Facebook ads require a privacy policy. But if you use Facebook Lead Ads, which can collect more information than other Facebook ads, you’re required to put a link to your privacy policy.

  • Twitter Ads: If you use Twitter ads that “collect user volunteered data,” you must link to your privacy policy.

Plenty of other tools that collect data on your behalf also require privacy policies. For example, if you use a mobile messaging app for your marketing, the app might require a data privacy policy.

It’s best to review the terms of service of your data collection tools and make sure you’re including any necessary language about each tool in your privacy policy.

How to make sure website visitors read your data privacy policy

It’s not enough to have a data privacy policy; you also need to make sure that your website visitors can easily understand your policy. It’s helpful to think of your privacy policy like a blog post—you want people to read it.

You can do this by following three steps:

Step #1: Use plain language

Technical legal jargon can be a turnoff to a lot of website visitors. Work with your legal team to make sure your privacy policy complies with all relevant laws and is also written in a way that is easily understandable.

Twitter’s Privacy Policy does this really well:

[Image: excerpt from Twitter’s Privacy Policy]

The language Twitter uses in their privacy policy is straightforward and simple. It’s clear that they want users to read it.

Step #2: Add a “Frequently Asked Questions” section

As part of your privacy policy, consider creating an easy-to-understand FAQs list. This will help website visitors quickly and easily answer any questions they may have.

Wikimedia does this perfectly:

[Image: the FAQ list in Wikimedia’s privacy policy]

The way Wikimedia lists all questions and links to the appropriate answer creates a good user experience for any website visitor who has questions about their data privacy.

For example, the first entry in Wikimedia’s privacy policy FAQs list is, “What’s different about this Privacy Policy? Can I see older versions?” Chances are, that was listed first because it’s a common question when a website updates its privacy policy. People want to cut to the chase and find out what is different about the new version.

Step #3: Structure it for the user

Your privacy policy should be structured so that it doesn’t intimidate website visitors. Big blocks of text can be a turnoff. Use short paragraphs, bullet points, and internal links to different sections so that website visitors can easily navigate the policy.

Netflix’s privacy policy is a good example of this:

[Image: excerpt from Netflix’s privacy policy]

Netflix uses bullet points, short paragraphs, and numbered lists in almost every section of the company’s privacy policy. That helps readers quickly understand what Netflix is doing with the data collected.

Data privacy is becoming more important

More data privacy legislation is passed every single year. On top of that, website visitors are becoming increasingly aware of the impact their data has. People want to know what you’re collecting, why you’re collecting it, and what you plan to do with it.

A data privacy policy can clear up a lot of those questions, but you have to make sure that you’re consistently updating your privacy policy. Make time every few months to review any new data privacy laws and new requirements in the terms of service of the tools your website uses. That will help you stay on top of any changes that need to be made to your data privacy policy.

NOT LEGAL ADVICE

The information provided in this article does not, and is not intended to, constitute legal advice. All information and content in this article is for informational purposes only. Information in this article may not contain the most up-to-date legal information. Readers should contact an attorney to obtain advice with respect to any particular legal matter, and consider a data privacy training course for a more detailed understanding of how to approach these matters.

