A portfolio website is a great way to showcase your skills and convince potential clients to hire you for their next project.
View an example of what it looks like below.
It features proper formatting and some pre-filled standard clauses you can modify to suit the needs of your portfolio.
Write It Yourself
If you leave something out, even by mistake, you could still be penalized under the various data privacy laws.
Your portfolio website likely uses forms prompting visitors to input personal data to contact you and inquire about your services.
- Google Analytics
- Cloud providers
- Email marketing platforms
- CRM providers
Which Privacy Laws Affect Your Portfolio Website?
Some of the privacy laws that may affect your portfolio website include the:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- California Online Privacy Protection Act (CalOPPA)
- Children’s Online Privacy Protection Act (COPPA)
- Colorado Privacy Act (CPA)
- Utah Consumer Privacy Act (UCPA)
- Virginia Consumer Data Protection Act (VCDPA)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
General Data Protection Regulation (GDPR)
If your portfolio serves people within the European Union (EU) or European Economic Area (EEA), you might be subject to the General Data Protection Regulation (GDPR).
- What data you collect from website visitors
- How the website collects user data
- The purpose for collecting the data (legal basis)
- How long you’ll retain the data
- How users can opt out of specific data processing activities
- Whether you share it with or sell it to third parties
- Whether you transfer the data internationally
Additionally, the United Kingdom’s (UK) privacy law is nearly identical to the GDPR but accounts for the secession of the UK from the EU.
California Consumer Privacy Act (CCPA)
- Their right to know the personal data you collect about them
- The data you have about them
- How you collect and use this data
- Their right to opt out of the sale or sharing of their data
- How they can opt out
California Online Privacy Protection Act (CalOPPA)
If your website has visitors from California and collects personal data, you must follow the requirements set out in CalOPPA.
Under CalOPPA, your privacy notice must contain the following details:
- Categories of personal information you collect
- Categories of personal information you share with third parties
- Process for reviewing and altering personal information
Children’s Online Privacy Protection Act (COPPA)
COPPA provides specific privacy protections for children in the United States and applies to any website that may be accessed by children under 13.
Colorado Privacy Act (CPA)
The Colorado Privacy Act may apply to your portfolio if you offer services to Colorado residents.
- What personal data you collect
- Why you collect the data
- What categories of data you share with third parties
- The categories of the third parties you share data with
Utah Consumer Privacy Act (UCPA)
On December 31, 2023, Utah’s Consumer Privacy Act takes effect, giving Utah residents the right to know the data a business collects about them through its website.
Under this law, residents of Utah can access the data that a business has collected about them and opt out of certain kinds of data processing.
If you intend to offer your services to residents of Utah, your portfolio website privacy statement should address the following:
- The data you collect
- How you’ll use the data
- How users can access their data that you have collected
- The user’s right to opt out of the processing of their data and data deletion
Virginia Consumer Data Protection Act (VCDPA)
If your services are available to people in Virginia, you might fall under the Virginia Consumer Data Protection Act.
- What data you collect
- Your purposes for processing the data
- Categories of data shared with or sold to third parties
- The categories of the third parties themselves
- An explanation of how consumers can submit requests to follow through on their rights
- A mechanism for appealing decisions related to consumer requests
- A disclosure explaining if you process personal data for targeted advertising
- Opt out of data processing
- Access any data you collected
- Delete any data you collected via your website
Personal Information Protection and Electronic Documents Act (PIPEDA)
If you offer services to people residing in Canada, your portfolio website must comply with PIPEDA, the country’s privacy law.
The law requires that you let site visitors know how you collect their data, the type of data you’re collecting, and how they can consent or opt out.
The Personal Data You Collect
- Their names
- Email addresses
- Social media handles
- Credit card information
- IP addresses
You can present it in a list or table format for clear understanding.
How You Collect the Data
The policy should also explain if you collect personal information automatically or whether it is limited to the information users personally provide.
How You Use the Data
The reasons might include:
- Providing users with a product or service
- Sending them promotional materials
- Processing orders
- Improving site performance
How You Store and Protect the Data
Use strong security measures to protect the data you collect to ensure it doesn’t fall victim to a data leak or other unauthorized access.
Some good examples of security measures are multi-factor authentication, complex passwords, firewalls, data encryption, and secured access.
How Long You Will Retain Visitor Data
For instance, the GDPR requires that you keep visitors’ data only as long as necessary and for the reasons it was initially obtained.
Specify a timeframe within which you’ll delete collected data once it is no longer needed.
State Whether You Share the Data With Third Parties
If you share users’ data with any third-party applications, such as Google Analytics or Google AdSense, you must clearly state who these third parties are and their data-handling practices.
Portfolio websites often need privacy policies. You might be subject to different data privacy laws, particularly if you collect personal information from your website visitors.