Privacy Policies Explained for Small Businesses
If you share personal information without your customers’ knowledge, you could infringe on local laws. A data breach or the mishandling of information can bring serious legal consequences.
Penalties for Violating a Privacy Regulation
Violating a data privacy regulation can be expensive:
- In California, a business can be fined up to $2,500 each time a state resident downloads a non-compliant mobile application.
- COPPA levies fines of up to $40,000 for each child whose information was collected improperly.
- The GDPR allows penalties for non-compliance up to 4% of a company’s revenues.
Your privacy policy should cover:
- The legal basis for collecting the information
- Your legal business name
- The business location
- Your contact information
- The type of information you collect
- How you gather the information
- How you keep the data secure and protected
- How a user can opt in or out of sharing information
- Whether or not you sell the information to a third party and how they will use the information
Consider all the ways you collect personal data, including contact forms, payment applications, email newsletter registration, affiliate websites, advertising networks — including cookies — and buttons for social media sharing.
How Do You Share or Disclose the Information?
Report if you share the information for any of these reasons:
- When required by law
- When you obtain consent to share the information
- If you sell the business
Be sure to tell customers when and under what circumstances you share the information.
How Can Customers Update Their Information?
If customers create an account with you or consent to storing their information with you, they may need to update it for various reasons.
The policy should state that you allow your customers access and provide contact information for making corrections and updates.
How Do You Protect the Data?
Telling customers how you plan to protect their data reassures them that it’s safe with you. Some laws require you to communicate how you protect customer information. Don’t be too vague, but keep to general steps.
How Can Customers Opt in or Out?
Some privacy laws require you to provide customers with a way to opt out of communications, information collection, or data storage. It’s a method of reducing unwanted or unsolicited emails and spam.
Having a Strategy for Determining the Type of Information To Request or Retain
Before you ask, think about whether you need that information. Only collect the information you absolutely need and nothing more.
Keep privacy and security at the top of your mind anytime you purchase new computer equipment, software, or cloud services. Also, consider the type of information you collect, why you collect it, and where you intend to keep it.
Understand the privacy implications any time you use personal information, including tracking cookies, Google Analytics, and other personalization or metric-gathering services. Ensure you don’t discriminate against anyone who chooses not to share their data, for example by offering discounts or promotions to customers who opt in that aren’t available to those who opt out.
Writing in Clear Language and Avoiding Jargon or Legalese
Providing a page full of legal terms can turn people off because they feel like you’re hiding something. Use language like that which you use when speaking to your customers and explaining your business.
Experiment with different structures or add a table of contents to make the policy easier to read.
Seeking Legal Advice From an Attorney
If you run a complex business or expect a global audience, speak to a business lawyer who can help you avoid pitfalls. An expert attorney will understand the most current versions of any regulations you must follow, ensuring your compliance with standards.
Are you expecting minors to use your service or visit your website? An attorney can help you navigate any laws regarding information gathering from children or teenagers.
Asking Only for the Information You Need
Never ask for more data than necessary. The less you gather, the less you assume responsibility for. If you don’t need a date of birth, don’t ask for it.
If you minimize the amount of data you request, you have less liability for exposing sensitive information in cases of a data breach.
Implementing Good Information Practices
Banners and Pop-ups
People generally find banners and pop-ups annoying, but you can limit how often they appear by having them open only when a form entry or payment page is about to collect information, before the customer discloses anything.
Here are some examples of small business privacy policies that check the appropriate boxes.
Ruiz Financial Solutions
The table of contents is arranged like a frequently asked questions (FAQ) page, with headings in the form of questions like “How do we use your information?”
KEM Business Solutions
KEM Business Solutions takes pains to point out that the site is not meant for use by anyone under the age of 18 and explains that it’s because they are complying with COPPA. They also announce their compliance with the GDPR for European users.
They also keep paragraphs short and use bulleted lists to make the policy more readable.
After customizing it for your small business, copy and paste the following text onto your site, or download the PDF or Word document.