7 Common Privacy Policy Issues to Avoid
Even though all privacy policies seem similar at first glance, they actually require a lot of work to create and customize because businesses collect, process, and use personal information in unique ways.
Plus, different laws and regulations apply to different entities.
Whether you’re about to make your privacy policy for the first time or need to update an existing one, there are 7 common privacy policy issues to avoid.
Specifically, you must determine:
• What data privacy laws apply to your business?
• What personal data does your website collect from users?
• Why do you collect the data, and how do you use it?
• How will you store the data to keep it safe and secure?
• Do you share the data with any third parties (and do they follow the same privacy guidelines as your business)?
Once you know your answers to these questions, it becomes easier to use a privacy policy template, talk to a lawyer, or even write your own privacy policy.
When it comes to your consumers, trust me, you don’t want to lose their trust — look at these alarming data privacy statistics:
• 1 in 5 users always or often reads a company’s privacy policy before agreeing to it. (Pew Research Center)
• 48% of users have stopped buying from a company over privacy concerns. (Tableau)
• 39% of users would likely turn away from a company that required them to provide highly personal information. (Abacus Group)
• 33% of users have terminated relationships with companies over data. (Cisco)
• 78% of the world’s countries now have data privacy legislation in place. (United Nations)
Taking time today to establish a process for updating your privacy policy can help your business keep up with the fast pace of data privacy legislation.
It’s essential that you don’t misunderstand what data privacy laws apply to your business and impact your privacy policy. You are wholly liable for abiding by those regulations.
Most data privacy laws have broad scopes and affect businesses outside the regions where the legislation is in force. In other words, companies not located in Europe still fall under the GDPR, just like entities outside of California can fall under the jurisdiction of the CCPA.
When determining the data protection legislation that affects your company, it may also help if you answer the following questions:
• What jurisdiction are you in?
• Where are your customers located?
• Are there any industry-specific laws you must comply with?
When it comes to the contents of your privacy policy, avoid using unnecessary jargon or legalese. These words and phrases commonly used by lawyers aren’t usually understandable or accessible to the average reader.
Some legislation, including the GDPR, states that entities with privacy policies not written in plain language violate the law. This requirement ensures transparency so everyone can read and understand what’s happening to their personal information and their rights over their data.
Similarly, you should avoid writing large text walls with convoluted run-on sentences.
Keep your audience in mind when making your privacy policy, and implement easy-to-read formatting techniques by taking advantage of tables, charts, graphics, and bullet lists.
Remember in school when your teacher would remind you to check your work? Well, that logic works with your privacy policy, too.
Another common privacy policy issue you want to avoid is neglecting to carefully review your policy before publishing it, even if you use a reputable template.
Ensure you read through it and check for errors, inconsistencies, or anything you may have skipped or left out. You should also double-check it for grammar issues and verify its readability.
Depending on what privacy laws you fall under, you may need to obtain explicit, affirmative opt-in consent from users before data collection occurs. This requirement is notably the case with the GDPR if consent is one of your legal bases for processing personal information.
If you find yourself in this situation, make sure you present all users who access your website or app with a live link to the most current version of your privacy policy and ask them to take some kind of action to denote that they’ve both read and agree to the terms you describe.
I typically recommend using a checkbox — just be sure it’s unmarked, as pre-ticked checkboxes are not GDPR-compliant.
Another common problem you want to avoid with your privacy policy is misplacing it on your website or app or forgetting to post it in necessary areas.
You should always plan to post your policy in more than one spot, but the precise locations depend on what laws your business falls under.
For example, under the CCPA, you must present your users with a notice at or before the point of collection. If you store personal information during the checkout process, you must provide a link to your policy on your checkout page.
Similarly, if you collect personal data from users when they create a login or new profile on your platform, you’ll also need to put a link to your privacy policy there.
Here’s a list of the most common places to include a link to your privacy policy:
• The footer of your website
• Payment screens or checkout pages
• New user account creation pages
• In your marketing emails
• On any forms that collect personal information from users
You now know the top nine issues that impact privacy policies and how to prevent them when you go to make your own. By avoiding these common privacy policy issues, you’re setting your website or app up for successful and painless data privacy compliance.
Trust me, it’s worth putting in the extra effort now to avoid those hefty fines and public backlash in the future.
Make it extra simple for yourself, and ask your service provider to sign you up with uRISQ’s Policy Center. With Policy Center you can create the perfect privacy policy that suits your business.
DISCLAIMER: All information, content, materials, and quotes presented in this article are for general informational purposes only and do not, and are not intended to, constitute legal advice.