5 Critical Provisions in your Privacy Policy – By Katy Atlas

by Sara Szado on April 15, 2019

Why do you need a privacy policy?

Privacy law is not based on one single legal authority. Rather, there is a complex, overlapping body of United States federal and state statutory authority, alongside competing international legislation.

Often, cases involving privacy issues are brought under Section 5 of the Federal Trade Commission (FTC) Act, dealing with unfair and deceptive acts and practices affecting commerce, but not always.

A good privacy policy can help you avoid basic pitfalls under any of these systems. This article will examine a few key provisions that your privacy policy should include.

Type of Information Collected

Your privacy policy should explain to users what types of information you are collecting. Are you using cookies to track purchases made after visiting the website? Are you storing passwords or sensitive personal information that requires additional privacy protections? These are the types of questions that your privacy policy should answer.

How Information is Used

Next, you should inform users of how your website will be using their information. Are you collecting user information to make the content on your website better? Are you selling user information to third parties? Are you sending emails or retargeting users after they visit your site? All of these should be explained in detail in your privacy policy.

Third Party Access to Information

If you are transmitting or selling any user information to third parties, users should be made aware in your privacy policy.

Additionally, it is a good practice to include an additional opt-in on submission of the information to your site.

How Changes are Communicated

You should also include a provision explaining to users how to access any updates to your privacy policy that come at a later date. Often, this is done though posting a new version of your privacy policy to your site, but there are circumstances where you may want to make this more visible to users.

Contact Info

Finally, you should include current, working contact information in case users have questions about your policy. Prompt, courteous responses to user inquiries are always better

than responding to complaints from regulators, so contact information is a must.

These provisions contain the foundations of a good privacy policy. Remember that some states and countries have additional requirements that you should also include. This article is meant to be helpful and informative, but is not a substitute for reviewing regulatory guidance yourself or with counsel.

Katy Atlas is Wickfire’s Chief Strategy Officer and General Counsel. This article appeared in issue 46 of FeedFront Magazine, which was published in April 2019. Visit here for the full edition.

Comments on this entry are closed.