If you share personal information without your customers’ knowledge, you could violate local laws. A data breach or the mishandling of information can bring serious legal consequences.
Consider all the ways you collect personal data, including contact forms, payment applications, email newsletter registration, affiliate websites, advertising networks — including cookies — and buttons for social media sharing.
Be sure to tell customers when and under what circumstances you share the information.
If customers create an account with you or consent to storing their information with you, they may need to update it for various reasons.
The policy should state that you allow your customers access and provide contact information for making corrections and updates.
Telling customers how you plan to protect their data reassures them that it’s safe with you. Some laws require you to communicate how you protect customer information. Don’t be too vague, but keep to general steps.
Some privacy laws require you to provide customers with a way to opt out of communications, information collection, or data storage. It’s a method of reducing unwanted or unsolicited emails and spam.
Before you ask, think about whether you need that information. Only collect the information you absolutely need and nothing more.
Keep privacy and security at the top of your mind anytime you purchase new computer equipment, software, or cloud services. Also, consider the type of information you collect, why you collect it, and where you intend to keep it.
Providing a page full of legal terms can turn people off because they feel like you’re hiding something. Use the same language you use when speaking to your customers and explaining your business.
Experiment with different structures or add a table of contents to make the policy easier to read.
If you run a complex business or expect a global audience, speak to a business lawyer who can help you avoid pitfalls. An expert attorney will understand the most current versions of any regulations you must follow, ensuring your compliance with standards.
Are you expecting minors to use your service or visit your website? An attorney can help you navigate any laws regarding information gathering from children or teenagers.
Never ask for more data than necessary. The less you gather, the less you assume responsibility for. If you don’t need a date of birth, don’t ask for it.
If you minimize the amount of data you request, you have less liability for exposing sensitive information in cases of a data breach.
People generally consider banners and pop-ups annoying, but you can limit how often they appear by having form entries or payment sites trigger them, so that they open before a customer discloses any information.
Here are some examples of small business privacy policies that check the appropriate boxes.
The table of contents is arranged like a frequently asked questions (FAQ) page, with headings in the form of questions like “How do we use your information?”
They also keep paragraphs short and use bulleted lists to make the policy more readable.
After customizing it for your small business, copy and paste the following text onto your site, or download the PDF or Word document.