To stay compliant with privacy laws and continue to operate transparently, you need to make privacy policy updates and notify your users of these changes.
As you already know, you’re required to have a privacy policy (use a website privacy policy template or an email privacy policy template to make sure you cover the necessary sections) to meet legal privacy standards. But many companies fail to maintain an updated privacy policy — compromising their compliance and undermining user trust.
When you make changes to your privacy policy, notify your users in order to stay compliant with laws and regulations, and to develop a strong rapport with your customers.
1. Why Would You Make Changes to Your Privacy Policy?
The ecosystem of business — particularly online business — is not static. Changes are often made to forecasts, models, and business plans in order to better suit the company’s needs. These changes are based on critical growth assessments and fiscal performance reviews.
As with all company practices and policies, it is essential to periodically review your privacy policy to ensure that it’s up-to-date and still an accurate reflection of your current way of doing business.
Every time you change the functionality of your website, you should review your policy and consider whether it still adequately addresses your data collection practices. If you add a new payment option to your online store, for example, or overhaul your platform — which may collect user information in a different way — you need to review and possibly update your privacy policy.
If you make any changes to your policies, make sure you also keep a records of those changes.
Any alterations to your online presence may result in the collection of more user information, whether or not that is what you intend.
Similarly, if state or federal laws change, you are obligated to comply and must ensure that your policy is consistent with the new legal mandates.
2. Why Should You Tell Users About Privacy Updates?
Depending on the kind of information you collect, your privacy policy will be governed by state and/or federal laws. You may be required to provide notification of any changes you make to your legal policies.
It also makes good business sense to incorporate privacy by design and create an atmosphere of transparency with your customers in order to gain their trust.
1. You Want to Avoid Legal Challenges
You are legally required to have a privacy policy if your site collects personal information from customers. Personal information includes birthdates, names, email addresses, and phone numbers.
This requirement is the result of state laws such as the California Online Privacy Protection Act (CalOPPA), which applies to any website that gathers information from California consumers, regardless of the location of the business.
The FTC’s Gramm-Leach-Bliley Act also governs privacy and the collection of financial data — including credit card information. Failure to comply with state or federal laws can result in serious legal sanctions against your business.
Violations to privacy laws can result in fines of thousands — or even millions — of dollars.
Federal legislation also prohibits engagement in deceptive business practices. If you change your privacy policy and do not let anyone know, you have not fulfilled your obligation to your consumers.
Changing the rules without notice can be framed in court — and in the public eye — as a deceptive practice and companies who do not abide by their own privacy policies risk a lawsuit brought by their state’s attorney general.
2. You Want to Avoid Public Backlash
Increasingly, internet users are becoming more conscious of the information they share online. While much focus in the U.S. and internationally regarding online privacy law is on personally identifiable information, concerns are also frequently raised about aggregate data that is collected and sold in order to streamline marketing efforts.
Legal protections for this kind of information were supposed to come into effect this fall, but the Washington Post reported in March that the proposed protections have been halted by the new administration.
In order to earn trust with customers, it is crucial for businesses to be transparent about their use of information. The Small Business Administration recommends that your privacy policy include descriptions of how you use cookies — identifiers that track user history — and about the information that is collected, stored, or sold.
On top of disclosing your cookie use in your privacy policy, you should provide users with a cookie policy that expands upon those activities. Take advantage of a cookie policy template if you aren’t sure what information should be outlined in this document.
Customers should have easy access to a contact form for any questions or complaints.
3. You Market to Children
Your responsibility is particularly serious if your website attracts or markets specifically to children. Data collected from users under the age of 13 is subject to federal legislation implemented to protect them and their interests.
If you are updating your website with anything that remotely relates to children under 13, perform a critical review of your privacy policy language and make sure it complies with the Children’s Online Privacy Protection Act (COPPA).
Wondering how net neutrality affects small business in the U.S? Changes at the federal level are causing states to take matters into their own ends for ensuring the internet is a level playing field for companies of all sizes.
3. How to Notify Users About Updates
After you have drafted your updated privacy policy, it is essential to let your users know in a way that makes them aware of the changes. If you have an email list of customers, send a notice when the policy is in place or in advance of planned updates.
If you run a site which has regular users who may need time to transition off of your site if they do not agree to your new policy, you should offer them the courtesy of advanced notice of at least a couple of weeks.
Notice may or may not be legally required, but it is a great way to develop trust with your customers.
You can also create a blog post or addition to your site’s news section. Place a banner on your site’s home page and/or a pop-up that lets people know about the new policy before they begin to interact with the site. That way, they have the opportunity to leave if they find the changes unacceptable.
Your notification email or pop-up should include a link to the complete text of the new privacy policy. Ideally, you also want to include a point-form snapshot of key changes. That way, in the event of a legal challenge, you can make the argument that users were not only informed of the policy updates, but you made the information accessible and easy to comprehend, as well.
4. It’s About Trust
At the end of the day, maintaining trust with your users is what will keep you in business. In the world of online business, your customers rarely have voice-to-voice or face-to-face contact with a real person who works for your business. Your trust is built almost entirely on the promises you make through the text and images on your site, and how well you keep those promises.
Regardless of whether it is a legal requirement, being upfront about how you handle user data is one way to develop long-lasting customer relationships.
Leave a Reply