This is a valid and common question. The answer is…maybe. There are several important factors to consider, including jurisdictional requirements, what data you collect, how you use it and if a privacy policy is required by your technology partner(s). It’s also important to consider the benefits of having one. Let’s take a closer look. A privacy policy is a contractual agreement that explains how your organization collects, processes, stores or shares personal information. Essentially it's a way of demonstrating that your organization cares about personal information and the steps taken to protect it. This enables an individual to make an informed decision whether or not to share their personal data. It also explains how and who to contact if they have questions or concerns about their personal data. Now that we have a better understanding of a privacy policy let’s look at some factors to consider. Privacy laws apply to personally identifiable information. This is information that can be used to specifically identify an individual. It could be a single piece or combination of data. It also includes your employees, suppliers or any 3rd parties whose personal information you collect, process, store or share. Next is to consider if the applicable privacy regulations in your jurisdiction specifies the inclusion of a privacy policy. For example, this is the case in the EU and Canada. In America there is no general federal or state law that requires a company to have a privacy policy in all circumstances, but there are several laws that require one in certain circumstances. When considering which privacy laws apply, keep in mind jurisdiction is determined by the location of your customers, not your business. After all, it is their data and with so many businesses having an online presence our customers may not live in our area code. Another consideration is if personal information is used to conduct commercial activity. This means the primary use of personal information is for the purpose of generating revenue. Regardless of usage, you are still responsible for your users’ personal data — such as names, birthdays, postal addresses, phone numbers, email addresses, and any other personal information that you could use to identify someone. Something we may not immediately consider is having a privacy policy because it’s expected by third parties who are essential to our business. For example, Google or Apple software or apps require privacy policies from everyone they work with. Analytics software can be heavily reliant on personal information, so using any kind of it almost always means you need a policy. Search engines prioritize websites with privacy policies, taking that as a sign of proper security. Also, many ad sellers require you to have a privacy policy before running ads on your site. So not having a privacy policy can severely hamper your online effectiveness. We all want to be successful, so it's good to plan for future growth. Having a comprehensive privacy policy gives your organization peace of mind if your operations change, your online presence increases or your markets expand. To manage volume, you may decide to store data in the cloud. This takes the data out of your control, instead scattering it across a number of servers. Without an up-to-date privacy policy covering these new developments, you open yourself up to liabilities that may not have existed a few years ago. However, it’s still necessary to review your policy to ensure it accurately reflects your business. A privacy policy can be an effective and efficient tool toward complying with applicable privacy laws if it's complete, easy to find, and easy to understand. It's also a way of generating trust by showing you care about protecting personal information and their right to privacy. You may not be sure if you need a privacy policy, but with all the benefits you may still want one. Having a privacy policy reduces liability, generates trust, satisfies important 3rd party entities and makes your business more forward thinking.
Leave a Reply