How to Create a Privacy Policy for Your Website

by Deborah Sweeney | Featured Contributor

Most websites collect information on their visitors to help target markets, track trends, and create effective advertising. It’s still up to the business to protect any information it stores, and to be open and honest with what it does with that information. If you’re running a small business, this is why you need a privacy policy in place.

A privacy policy is a publicly posted notice that covers what information you collect and how you use it. There are currently no federal laws that force every business to post a policy, but many states do require one, and they’re useful in protecting your business from lawsuits. Luckily privacy policies aren’t that hard to create – just make sure that whatever you write includes the following elements.

1) What you’re collecting.

My company’s website collects most of its information through contact forms. Our customers want to know about something, so they fill out a form, give us some of their personal information, and we get in touch. It might sound obvious enough what kind of information we’re collecting, but we plainly and clearly lay out that we are saving that data and that we will use it to contact you. At any point, if you ask your customers for an email address, a name, or a phone number, or if you collect cookies, make sure you mention that you save that information in your privacy policy.

2) Who you’re sharing with.

Most sites refuse to share or sell information collected on their customers, and that’s probably the best practice. If you do share information for promos, you must make that clear in your privacy policy. Your users have a right to know what you’ll do with their information when they give it to you, so they can make an informed decision as to whether or not it’s worth using your site.

3) What you do with it.

Normally, information on web traffic is collected for two reasons – to contact users and to figure out where your web traffic is coming from. Make sure you lay out why your site saves this kind of information. The only way you can really collect personal information is if your users give it to you, so just say that any contact forms that are filled out could be used to contact the user in the future. Cookies are also useful for following web traffic. If the customer doesn’t disclose any personal information on the site, the cookie isn’t going to reveal anything new. But a cookie can be used to track how people got to the site, and what page they are on. That kind of information works to help businesses target their advertising, so if you collect cookies for that purpose, be sure to say so.

4) How you protect information.

You don’t have to cover every individual security protocol you use to protect customer information, but you should assure them that their information is secure. Chances are that your site already has policies in place to protect sensitive information. Give a brief overview of what those policies are, and if you are held to any third-party standards. Again, this shouldn’t be overly technical, but it should affirm your business’s dedication to user privacy.

5) Write for your industry.

Why would an accountant want to use a policy that could also apply to a retailer? You should write your own privacy policy and tailor it for your business’s unique circumstances. Some industries, like healthcare or finance, have special regulations they have to contend with, and if that’s the case, incorporate those regulations into your policy.

6) Write in plain English.

Online privacy and security are two important subjects people are understandably passionate about. It is generally accepted that browsing information will be collected, but there is already an air of suspicion around the businesses and organizations that collect it. If you write a privacy policy that is muddled or full of jargon, your users are going to be upset. Write as plainly and clearly as you can. If your customers understand your privacy policy, they’ll be more likely to accept the terms it proposes. As with most business matters, openness and honesty are the best policies.

——————————————————————————-

Deborah Sweeney – Legal Expert, CEO, MyCorporation.com – Calabasas, CA

As CEO of MyCorporation Business Services, Inc. (MyCorporation.com), Deborah Sweeney is an advocate for protecting personal and business assets for business owners and entrepreneurs. With her experience in the fields of corporate and intellectual property law, Deborah has evolved from lawyer to business owner. She has extensive experience in the start-up and entrepreneurial industry as she has been involved in the formation of hundreds of thousands of businesses for MyCorporation.com’s customers.

Ms. Sweeney received her JD & MBA degrees from Pepperdine University. She is active in the community and loves working with students and aspiring entrepreneurs. She serves on the Board of Regents at California Lutheran University and is a founding member of Partners of Pepperdine. Deborah has served as an adjunct professor at the University of West Los Angeles and San Fernando School of Law in the areas of corporate and intellectual property law. Ms. Sweeney is also well-recognized for her written work online as a contributing writer with top business and entrepreneurial blogging sites.  She is a regular contributor on Forbes, American Express, Social Media Today, and BlogHer among many others.

In her ‘free’ time, Deborah enjoys spending time with her husband and two sons, Benjamin (8) and Christopher (6). Deborah believes in the importance of family and credits the entrepreneurial business model for giving her the flexibility to enjoy both a career and motherhood. Follow her on Twitter @deborahsweeney and @mycorporation.

Deborah Sweeney

Deborah Sweeney is the CEO of MyCorporation.com which provides online legal filing services for entrepreneurs and businesses, startup bundles that include corporation and LLC formation, registered agent services, DBAs, and trademark and copyright filing services. You can find MyCorporation on Twitter at @MyCorporation.