As a marketing agency, you, no doubt, work with a lot of personal data. The internet has made it easier than ever to learn what consumers want and how you can help make your clients more appealing.
However, all that data comes with a lot of responsibility to handle it properly. So legislators have spent the past decade developing laws that strictly regulate how businesses can collect and use personal data to protect people from risks like security breaches and identity theft.
This guide will teach you everything you need to know about privacy policies as a marketing agency, what laws apply to you and your clients, and how to create them as a service.
- Why Data Privacy Is Important For a Marketing Agency
- Which Privacy Laws Affect You and Your Clients?
- Next Steps
Why Data Privacy Is Important For a Marketing Agency
Most modern marketing is done online. Unfortunately, the same information that’s useful to you as a marketer is also attractive to hackers and bad actors.
Furthermore, some marketers mishandle data as well, making it more likely that it falls into the wrong hands.
Legislators have spent the past several years implementing laws — such as the GDPR and CCPA — to protect data privacy. These laws are in place to protect people’s privacy and minimize the risk of security breaches and other privacy violations.
Data privacy laws aim to accomplish this by requiring transparency and significantly limiting the kinds of data businesses can collect online and how that data can be used.
Violators of data privacy laws — whether intentional or not — can face dramatic fines.
Of course, following the law isn’t the only reason to respect your users’ data privacy. You should respect it because it’s the right thing to do and because your clients — and their customers — deserve that courtesy.
It’s important for marketers to be leading the charge in making respect for privacy a normalized and ubiquitous practice.
That being said, following the law is important.
To both respect your users and remain within the law, you need to understand how current data privacy laws restrict data collection and what information you need to give your visitors to legally continue your marketing efforts.
A significant part of complying with these laws is understanding privacy policies.
As a marketing agency, you’re likely to receive website visitors from around the country. That means that you’re likely to get visitors from places like California or the EU, both of which strictly regulate how their citizens’ data can be collected and used.
Your clients most likely need privacy policies, and would probably be eager to accept a solution from you.
- Collects user data that might in any way be identifying
- Collects user data about financial or private health concerns
- Services people in regions covered by data privacy laws
- Sells or shares user data
- Is accessible to minors
Which Privacy Laws Affect You and Your Clients?
Here are the most significant data privacy laws and regulations that will impact your marketing agency and your clients:
General Data Protection Regulation (GDPR)
The EU’s GDPR is the strictest and most crucial privacy law for most marketing agencies. This law covers a wide variety of digital privacy concerns and names seven rights all people have to privacy online:
- The right to be informed
- The right to access your personal data
- The right of rectification
- The right of erasure
- The right to restrict processing
- The right to data portability
- The right to object
These rights mean that all organizations that service or interact with EU citizens must post clear privacy policies explaining how they collect and use personal data and how visitors can opt in.
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
The CCPA and CPRA combined align closely with the GDPR. The primary difference is that California’s rules are slightly less strict, offering people the opportunity to opt out of data collection instead of opting in.
California Online Privacy Protection Act (CalOPPA)
CalOPPA requires organizations to include privacy policies on their websites. It also dictates how these policies should be structured and how to notify users they exist.
Children’s Online Privacy Protection Act (COPPA)
COPPA requires that privacy policies explain to parents how you’re using a child’s data, how you’re protecting it, and what rights the parents have over the data.
The law also states that sites that know they have child visitors must post a direct notice on the home page to notify parents of this policy.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is one of the most well-known privacy laws in the US. It guarantees everyone the right to keep their medical information private.
In particular, it bars organizations from sharing protected health information without patients’ permission. It also requires patients to be informed of exactly how their information is used and stored through a Privacy Practices Notice.
Organizations such as healthcare services, medical providers, and health insurance companies must comply with HIPAA.
Gramm Leach Bliley Financial Modernization Act (GLBA)
The GLBA applies to financial organizations such as credit card providers and banks. These organizations must inform consumers clearly and concisely what they do with their information.
The Act has specific requirements for how consumers must be notified, including posting policies online and sending them by mail.
Other US State Laws
So far, several other US states have implemented privacy laws that may impact your marketing agency and your clients.
These laws include:
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act
- Virginia’s Consumer Data Protection Act (VCDPA)
- Utah Consumer Privacy Act
- New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act
You may still need to sell your clients on the idea of privacy policies if they’ve never thought about it before or don’t see the need.
Here are a few excellent selling points that you can bring up with your clients:
Show them some stats: The following data privacy stats will help convince any business owner to take data privacy seriously.
- Most companies see a very positive return on their privacy investment, and over 40% see benefits at least double their privacy spend. (Ledgeview Partners)
- 60% of users say they would spend more money with a brand they trust to handle their personal data responsibly. (Global Consumer State of Mind Report 2021)
- 37% of users say that companies that are transparent about how they collect and use data and are more proactive in enforcing data privacy online reduce their concerns. (TrustArc)
- 48% of users have stopped buying from a company over privacy concerns. (Tableau)
- 92% of consumers agree that companies must be proactive about data protection. (PwC)
- 87% of respondents would not do business with a company if they had concerns about the company’s data security practices. (McKinsey)
The following solutions are the most effective methods for creating privacy policies for any website, whether it’s your own or your clients’.
Partner With a Managed Solution Like Termly
The simplest way to produce high-quality, up-to-date privacy policies for your clients is to work with a managed solution.
With Termly’s Agency Partner Program, you’ll have access to a wide variety of tools to ensure that all of your clients consistently remain in compliance with all data privacy laws even when they change.
We offer marketing agencies of all sizes — big or small — the following:
- Multi-domain management: You can manage all of your licenses from one account.
- Centralized billing: We have volume-based discounted pricing starting at 10 domains, and all licenses can be billed to a single account. Additional domains can be added ad hoc.
- Multi-user functionality: You can add customers or employees to domains with customizable access levels.
- Tech stack: Termly has a dedicated API, in addition to a WordPress plugin, a Google Tag Manager template, and other tools to help make integration easy.
- Support: We offer live training sessions, video walkthroughs, webinars, and more for our partners. Our support can help with technical concerns, legal questions, and any issues that come up, both for you as an agency and for your clients.
Use Our Template or Create Them From Scratch
These options are more time-consuming and less secure. If you’re writing your own policies, you’ll need to ensure that each client’s policy meets all legal requirements.
If you choose to go this route, we have come up with some tips below.
- Data Usage Information: An explanation of how and why data is used.
- Data Sharing and Handling Information: Explain if and how data is handled and shared.
- Opt-In and Opt-Out Instructions: Explain how users can opt in and opt out of data collection and processing.
- Business Transfer Information: Explains how client information is protected should a company come under new ownership.
- Use simple language: The GDPR and CCPA require that privacy policies be written in plain language. That means they can’t be written in dense legal terminology. After you’ve developed your policy, try using a writing analysis tool to determine its reading grade level. Aim for an eighth-grade level or lower so everyone can understand it.
- Make it accessible: Accessibility is a growing concern online. The CCPA actually requires that legal policies be adequately accessible to everyone.
- Use a table of contents: Privacy policies can get quite long. Add a hyperlinked table of contents to the top so people can see what’s in the policy at a glance and quickly jump to the sections that interest them.