Privacy Policy: Consideration for Every Website Owner

Privacy Policy: Consideration for Every Website Owner

Matt: Hi, it’s Matt Plessner, and welcome to another installment of Internet Law Radio. Today’s topic is privacy policy. We’re going to talk about what this means and its importance as well. And to guide us, we’re speaking today with internet attorney Brian Hall from the Traverse Legal office of Traverse City, MI. Brian thanks again for joining us today.

 

Brian: Thanks a lot, Matt. It’s good to be here.

 

Matt: Now to start off, Brian, what is privacy policy?

 

Brian: Well, privacy policy is a written agreement that website owners place on their website. And what it does is it identifies the information that the website is collecting with any user, how they are using that information, and if they are sharing that information, with whom they’re sharing it. So, in its simplest form, it’s a contact between the user and the website owner. And in its more complex form, it contains various provisions that obligate both the website owner to do certain things with the information and, most importantly, notifies users what that information is going to be used to do.

 

Matt: Now, are there provisions that every privacy policy should contain?

 

Brian: Yes, by all means. First and foremost, a privacy policy should contain an identification of all the personal information that’s collected. So, it might be a person’s first name, last name, email address, various social media profile account information, [or] whatever it might be about them individually. It should also identify to the extend that it collects it any other personally identifiable information. So, personally identifiable information is different from personal information in that personally identifiable information needs to be combined with something else in order to identify the person, but it can be done. The most common example of personally identifiable information is an IP address. But there are others as well, such as the Geo-location of the user, or what kind of mobile-access device they are using, or any other kind of analytic data that might commonly be seen in Google analytics or otherwise. So knowing what information is collected is critical to a privacy policy and then beyond that, knowing how that information is used. So is it simple used to enable the website to provide its goods or services to the consumer, the user? Or, is it used to also then be shared with others and used to have direct advertising given to that website user. So, information collected, how it’s used and how it’s shared, is really the cornerstones of any privacy policy.

 

Matt: Brian, why should my website have a privacy policy?

 

Brian: In today’s day and age, it’s becoming more and more important to have one just from a pure liability standpoint. And what I mean by that is, if you don’t have a privacy policy, there’s different governmental entities that have been starting take action because you haven’t been properly disclosing to the user what you have been doing with their information, how you’re collecting it, what you’re collecting-those kinds of things. So, from a pure liability standpoint, it’s advisable to have one. It’s important to know that, in a privacy policy, much like in a terms and conditions or website agreement you can put language that tries insulate and yourself from liability as a website owner or otherwise mitigate the liability of which you could face if you didn’t have one otherwise. 

 

Matt: What would you say, Brian, most website users look for in a privacy policy? 

 

Brian: That’s a great question, and we should probably talk a little bit about how it’s important for the website owner to put the website user on notice of the privacy policy. So oftentimes, we talk about what is known as click wrap agreements. And I’m sure you’ve seen them, Matt, and most people have entered into them, and that where you go to a website and, before you can register, or maybe even before you can access the website, a little pop-ups says that you agree that you have read the terms and conditions and agree to the same; click “I agree”. So, that’s a click wrap agreement, and that makes a privacy policy and other terms more enforceable if an issue arose. So by providing that notice to the user, whether or not they decide to read it is on them. But the website owner should at least make that available so that yes, indeed, they will more likely than not read it, or at least have the opportunity to read it. So then once they are given that opportunity, you know, website users are looking for the information that I talked about at the outset. They want to know what information they are providing, which is not that complicated because typically, they’re providing the information as part of the user experience, but i think most importantly, they want to know how that information is being used and shared. So, will the website user be providing that to someone else who is going to target the user with marketing? Or are they going to be receiving emails from third parties that they didn’t think they were going to be entering into in agreement to receive those kinds of things. All those kinds of considerations are really what users look for in a privacy policy.

 

Matt: And of course, Brian, having an attorney review or even write my privacy policy is a good idea, correct?

 

Brian: Yes, by all means. I get this question all the time. Somebody will call me and tell me “hey, there’s a ton of privacy policies out there, why don’t I just copy and paste it and put it on my website?”. Well, it’s a very risky endeavor because there’s more to simply that language in a privacy policy. There needs to be an understanding of what the underlying business is doing to comply with that privacy policy. So you don’t want to say that you’re collecting X, Y, and Z information when in fact you’re not. And you don’t want to say that you are not sharing information with advertisers when, in fact, you are. So it’s critically important to make sure that you’re privacy policy matches your actual use, collection, storage, sharing, [or] whatever it might be of that user information. And that’s where an internet attorney such as myself or someone else can come into play and advise you about the different considerations, the different liabilities that you face when you do different things with information, and most importantly, advise you about some laws that are out there that require certain things in privacy policies. And those are changing almost weekly. So it started with children’s online privacy protection provisions, then it moved to California, for example, requiring that a website owner that might share your information with a third party keep records of that and provide it to an internet user if they ask for it. So all those kinds of constant changes and understanding how your particular website operates is a key to drafting a privacy policy that makes sense for your business. 

 

Matt: Well thank you very much Brian for being with us today. It’s always nice to have you here, and we look forward to talking with you more soon.

 

Brian: Thanks a lot Matt.

 

Matt: This is Matt Plessner for internet law radio

 

 

 

Categories