How Marketing Agencies Can Create and Offer Privacy Policies


As a marketing agency, you, no doubt, work with a lot of personal data. The internet has made it easier than ever to learn what consumers want and how you can help make your clients more appealing.

However, all that data comes with a lot of responsibility to handle it properly. So legislators have spent the past decade developing laws that strictly regulate how businesses can collect and use personal data to protect people from risks like security breaches and identity theft.

This guide will teach you everything you need to know about privacy policies as a marketing agency, what laws apply to you and your clients, and how to create them as a service.

Table of Contents
  1. Why Data Privacy Is Important For a Marketing Agency
  2. Do Your Clients Need a Privacy Policy?
  3. Which Privacy Laws Affect You and Your Clients?
  4. How To Convince Your Clients They Need a Privacy Policy
  5. How To Offer Your Clients a Privacy Policy Solution
  6. Tips for Making a Good Privacy Policy For Your Clients
  7. Next Steps

Why Data Privacy Is Important For a Marketing Agency

Most modern marketing is done online. Unfortunately, the same information that’s useful to you as a marketer is also attractive to hackers and bad actors.

Furthermore, some marketers mishandle data as well, making it more likely that it falls into the wrong hands.

Legal Reasons

Legislators have spent the past several years implementing laws — such as the GDPR and CCPA — to protect data privacy. These laws are in place to protect people’s privacy and minimize the risk of security breaches and other privacy violations.

Data privacy laws aim to accomplish this by requiring transparency and significantly limiting the kinds of data businesses can collect online and how that data can be used.

Creating a privacy policy is how businesses comply with the transparency requirements set by these laws.

Violators of data privacy laws — whether intentional or not — can face dramatic fines.

Ethical Reasons

Of course, following the law isn’t the only reason to respect your users’ data privacy. You should respect it because it’s the right thing to do and because your clients — and their customers — deserve that courtesy.

It’s important for marketers to be leading the charge in making respect for privacy a normalized and ubiquitous practice.

That being said, following the law is important.

To both respect your users and remain within the law, you need to understand how current data privacy laws restrict data collection and what information you need to give your visitors to legally continue your marketing efforts.

A significant part of complying with these laws is understanding privacy policies.

Does Your Marketing Agency Itself Need a Privacy Policy?

The short answer is yes; you need a privacy policy for your marketing agency itself.

As a marketing agency, you’re likely to receive website visitors from around the country. That means that you’re likely to get visitors from places like California or the EU, both of which strictly regulate how their citizens’ data can be collected and used.

Do Your Clients Need a Privacy Policy?

Your clients most likely need privacy policies, and would probably be eager to accept a solution from you.

A client’s website needs a privacy policy if it:

  • Collects user data that might in any way be identifying
  • Collects user data about financial or private health concerns
  • Services people in regions covered by data privacy laws
  • Sells or shares user data
  • Is accessible to minors

Offering your clients a privacy policy as a service provided by you is also a great selling point and a way to differentiate your agency from the competition.

Which Privacy Laws Affect You and Your Clients?

Here are the most significant data privacy laws and regulations that will impact your marketing agency and your clients:

General Data Protection Regulation (GDPR)

The EU’s GDPR is the strictest and most crucial privacy law for most marketing agencies. This law covers a wide variety of digital privacy concerns and names seven rights all people have to privacy online:

  1. The right to be informed
  2. The right to access your personal data
  3. The right of rectification
  4. The right of erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object

These rights mean that all organizations that service or interact with EU citizens must post clear privacy policies explaining how they collect and use personal data and how visitors can opt in.

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Any company that services Californians in the US most likely needs to comply with CCPA and CPRA regulations.

The CCPA and CPRA combined align closely with the GDPR. The primary difference is that California’s rules are slightly less strict, offering people the opportunity to opt out of data collection instead of opting in.

California Online Privacy Protection Act (CalOPPA)

CalOPPA requires organizations to include privacy policies on their websites. It also dictates how these policies should be structured and how to notify users they exist.

Children’s Online Privacy Protection Act (COPPA)

COPPA requires any business with a website that is visited by minors under the age of 13 to include a privacy policy explaining its specific practices regarding child data.

COPPA requires that privacy policies explain to parents how you’re using a child’s data, how you’re protecting it, and what rights the parents have over the data.

The law also states that sites that know they have child visitors must post a direct notice on the home page to notify parents of this policy.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is one of the most well-known privacy laws in the US. It guarantees everyone the right to keep their medical information private.

In particular, it bars organizations from sharing protected health information without patients’ permission. It also requires patients to be informed of exactly how their information is used and stored through a Privacy Practices Notice.

Organizations such as healthcare services, medical providers, and health insurance companies must comply with HIPAA.

Gramm-Leach-Bliley Financial Modernization Act (GLBA)

The GLBA applies to financial organizations such as credit card providers and banks. These organizations must inform consumers clearly and concisely what they do with their information.

The Act has specific requirements for how consumers must be notified, including posting policies online and sending them by mail.

Other US State Laws

So far, several other US states have implemented privacy laws that may impact your marketing agency and your clients.

These laws include:

How To Convince Your Clients They Need a Privacy Policy

You may still need to sell your clients on the idea of privacy policies if they’ve never thought about it before or don’t see the need.

Here are a few excellent selling points that you can bring up with your clients:

  • Legal compliance: In most cases, a privacy policy isn’t optional. Analyze your clients’ websites and determine if they fall under privacy law. Then explain why it is required and what happens if they don’t comply.
  • Protection from liability: Even if a client isn’t currently operating somewhere with data privacy laws, that may change. Explain to them that having a privacy policy is an excellent way to shut down potential litigation before it occurs.
  • Customer trust: A privacy policy is a great way to build customer trust. Explain to your clients that consumers nowadays are more aware of data privacy, and implementing these policies will help them build a better reputation in the marketplace.
  • Show them some stats: The following data privacy stats will help convince any business owner to take data privacy seriously.

    • Most companies see a very positive return on their privacy investment, and over 40% see benefits at least double their privacy spend. (Ledgeview Partners)
    • 60% of users say they would spend more money with a brand they trust to handle their personal data responsibly. (Global Consumer State of Mind Report 2021)
    • 37% of users say that companies that are transparent about how they collect and use data and are more proactive in enforcing data privacy online reduce their concerns. (TrustArc)
    • 48% of users have stopped buying from a company over privacy concerns. (Tableau)
    • 92% of consumers agree that companies must be proactive about data protection. (PwC)
    • 87% of respondents would not do business with a company if they had concerns about the company’s data security practices. (McKinsey)
  • Third-party requirements: Even if your clients are not legally obligated to have a privacy policy, some third-party services — like Google Analytics — require one as a condition of using their software. This point is especially applicable when it comes to working with marketing tools.
  • Ethics: An excellent reason for your clients to implement a privacy policy is because it’s the right thing to do. Communicate to your clients that a culture of privacy is growing, and letting their visitors know what’s happening with their data is the right ethical choice.

How To Offer Your Clients a Privacy Policy Solution

The following solutions are the most effective methods for creating privacy policies for any website, whether it’s your own or your clients’.

Partner With a Managed Solution Like Termly

The simplest way to produce high-quality, up-to-date privacy policies for your clients is to work with a managed solution.

With Termly’s Agency Partner Program, you’ll have access to a wide variety of tools to ensure that all of your clients consistently remain in compliance with all data privacy laws even when they change.

Our privacy policy generator will help you create automatically updating and legally compliant privacy policies for your clients. You simply answer a few questions about a client’s website, and the generator creates a custom and comprehensive privacy policy!

Additionally, you will get access to our cookie consent management solution and generators for various other policies such as Terms and Conditions, Disclaimers, Cookie Policies, EULAs, and more.

We offer marketing agencies of all sizes — big or small — the following:

  • Multi-domain management: You can manage all of your licenses from one account.
  • Centralized billing: We have volume-based discounted pricing starting at 10 domains, and all licenses can be billed to a single account. Additional domains can be added ad hoc.
  • Multi-user functionality: You can add customers or employees to domains with customizable access levels.
  • Tech stack: Termly has a dedicated API, in addition to a WordPress plugin, a Google Tag Manager template, and other tools to help make integration easy.
  • Support: We offer live training sessions, video walkthroughs, webinars, and more for our partners. Our support can help with technical concerns, legal questions, and any issues that come up, both for you as an agency and for your clients.

Use Our Template or Create Them From Scratch

You can create your clients’ privacy policies by using our privacy policy template or just writing them from scratch.

These options are more time-consuming and less secure. If you’re writing your own policies, you’ll need to ensure that each client’s policy meets all legal requirements.

If you choose to go this route, we have come up with some tips below.

Tips for Making a Good Privacy Policy For Your Clients

There’s more to making a good privacy policy than just including the correct sections. So no matter who you’re creating a policy for, these tips can help you make it shine.

  • Include all the necessary sections: There are a lot of things you need to include in a privacy policy, and each client may be different. Here are some of the most common sections:

    • List of Collected Data Types: The most fundamental part of a privacy policy is the disclosure of the personal information that is collected from users.
    • Data Usage Information: An explanation of how and why data is used.
    • Data Sharing and Handling Information: Explain if and how data is handled and shared.
    • Opt-In and Opt-Out Instructions: Explain how users can opt in and opt out of data collection and processing.
    • Business Transfer Information: Explains how client information is protected should a company come under new ownership.
    • Links to Other Policies: Include links to other legal policies such as Terms of Use and Cookie Policies.
    • Changes to Policy Information: Let users know how and when the privacy policy has been updated or changed.
  • Use simple language: The GDPR and CCPA require that privacy policies be written in plain language. That means they can’t be written in dense legal terminology. After you’ve developed your policy, try using a writing analysis tool to determine its reading grade level. Aim for an eighth-grade level or lower so everyone can understand it.
  • Make it visible: Data privacy laws require your policies to be easily accessible on your website. It’s a good idea to clearly link the privacy policy at the bottom of every webpage, as well as in your initial privacy and cookie collection pop-ups or banners.
  • Make it accessible: Accessibility is becoming a more considerable concern online by the day. The CCPA actually requires that legal policies be adequately accessible to everyone.
  • Use a table of contents: Privacy policies can get quite long. Add a hyperlinked table of contents to the top so people can see what’s in the policy at a glance and quickly jump to the sections that interest them.
  • Keep it up to date: As laws change, your privacy policy must be updated to remain in compliance. If you’re not using a managed solution like Termly, it’s a good idea to check on your privacy policy at least once a month to ensure no new laws have come out that affect what you need to include.

Next Steps

You can offer your clients a privacy policy as part of your marketing agency’s services today by exploring Termly’s Agency Partner Program. We will provide you with a customized data privacy compliance solution that you can offer to your clients.

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016.