To stay compliant with privacy laws and continue to operate your business transparently, you need to make privacy policy updates and notify your users of these changes.
As you already know, you’re required to have a privacy policy to meet certain legal privacy standards. Failing to maintain an updated privacy policy can compromise your compliance and undermine user trust.
When you make privacy policy changes, notify your users in order to stay compliant with laws and regulations, and to develop a strong rapport with your customers.
1. Why Make Privacy Policy Updates
Online business is dynamic. Changes are often made to forecasts, models, partnerships, and business plans in order to better suit a company’s needs.
As with all company practices and policies, it’s essential to review your privacy policy to ensure that it’s up-to-date and still an accurate reflection of your current way of doing business.
Every time you change the functionality of your website or the way you interact with user data, you need to review your privacy policy and consider whether it still adequately addresses your data collection practices.
If you add a new payment option to your online store, for example, or overhaul your platform — which may collect user information in a different way — you need to read over and possibly update your privacy policy.
Furthermore, if state or federal laws change, you may need to update your privacy policy to comply with those laws or amendments.
With the California Consumer Privacy Act (CCPA) officially in effect as of 2020, you should review your current privacy policy to make sure it meets CCPA privacy policy requirements.
2. Why You Should Inform Users About Privacy Policy Updates
Depending on applicable laws, you may be legally required to provide notification of any changes you make to your privacy policy.
It’s also best business practice to incorporate privacy by design and create an atmosphere of transparency with your customers regarding their data.
Here are some reasons why you need to notify users about privacy policy changes.
1. You Want to Avoid Legal Challenges
You may be legally required to have a privacy policy if you collect personal information from users. Many of the same laws that require privacy policies also require privacy policy updates and update notifications.
Here are some laws that require privacy policy updates:
- The California Online Privacy Protection Act (CalOPPA)
- The California Consumer Privacy Act (CCPA)
- The General Data Protection Regulation (GDPR)
- The Federal Trade Commission’s Gramm-Leach-Bliley Act
Failing to comply with these laws can result in fines of thousands, or even millions, of dollars.
Federal legislation also prohibits deceptive business practices. If you change your privacy policy but don’t notify users of updates, it can be framed in court as a deceptive business practice.
2. You Want to Avoid Public Backlash
Internet users are becoming more conscious of the information they share online. Along with emerging US and international privacy laws, internet users are also putting more focus on how their personally identifiable information is collected and used.
To earn customers' trust, it's crucial for businesses to be transparent about their use of personal information. To keep up with growing fears over data collection, update your privacy policy frequently so that it remains transparent.
Letting users know that you updated your policy will help build and maintain trust, and allow individuals to review any changes in how you handle their personal information.
3. You Market to Children
Your responsibilities over data are especially serious if your website markets to children. Data collected from users under the age of 13 is protected under the Children’s Online Privacy Protection Act (COPPA).
If you are updating your website with anything that remotely relates to children under 13, perform a critical review of your privacy policy to make sure it’s COPPA-compliant.
Notify the parents or guardians of users that you’ve updated your privacy policy, so they can review the changes on their children’s behalf.
3. How You Can Notify Users About Privacy Policy Updates
After you’ve updated your privacy policy, alert users to the changes.
Here’s how you can notify users of your privacy policy updates:
Banner or Pop-up Notice
Place a banner or pop-up on your site’s homepage that lets users know about your updated policy. Make sure it’s in a visible location so users have the opportunity to leave if they find the changes unacceptable.
Here’s an example of a privacy policy update banner from Baxter’s homepage, which links to their updated privacy policy.
Your banner or pop-up should link to your new privacy policy so users can review it in detail.
Privacy Policy Update Email
Your notification email should also include a link to the complete text of the new privacy policy.
Here’s an example of a 2018 privacy policy update email from Couchsurfing detailing their privacy policy changes for the GDPR.
Whenever you send “We’ve updated our privacy policy” emails to users, also give an overview of the privacy policy changes you made.
That way, in the event of a legal challenge, you can argue not only that users were informed of the policy updates, but also that you made the information accessible and easy to comprehend.
Blog or News Post
You can also create a blog post for your site about your latest privacy policy changes.
For example, WordFly’s privacy policy update blog post includes a bullet list summarizing the company’s privacy policy updates.
Keep your privacy policy update post short and sweet by going over the key changes and linking to your updated privacy policy.
4. Why Are Privacy Policies Changing
While the occasional privacy policy update email likely just means the company has changed its policies, a sudden onslaught of updates and accompanying notifications usually means there’s a new privacy law.
The introduction of legislation like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) has ushered in a new privacy landscape. With growing public concern over user data and significant data breaches, laws are being passed around the world every year to better regulate digital data handling.
So, why is everybody updating their privacy policies year after year? In short, they have to, and you probably do too.
The majority of privacy laws establish new standards for privacy policies. So when a new law or regulation comes to pass, one of the first steps you need to take to stay compliant is to update your privacy policy and notify users of the changes.