
7 Common Privacy Policy Issues to Avoid

Even though all privacy policies seem similar at first glance, they actually require a lot of work to create and customize because businesses collect, process, and use personal information in unique ways.

Plus, different laws and regulations apply to different entities.

Whether you’re about to make your privacy policy for the first time or need to update an existing one, there are 7 common privacy policy issues to avoid.

Spending Too Little Time Preparing

When making a privacy policy, try not to rush through the drafting and preparation phase. Don’t get me wrong, I understand why business owners sometimes do this — we all want the process of creating necessary legal documents to be quick, easy, and painless. But if you don’t spend enough time researching and drafting your privacy policy upfront, it will cause problems that may come back to haunt you later on. That pain could manifest as massive legal fines and negative backlash from your consumers. Even if you plan on using a lawyer or a comprehensive managed solution, like uRISQ, there are still several things that you, as the business owner, need to prepare.

Specifically, you must determine:

     • What data privacy laws apply to your business?
     • What personal data does your website collect from users?
     • Why do you collect the data, and how do you use it?
     • How will you store the data to keep it safe and secure?
     • Do you share the data with any third parties (and do they follow the same privacy guidelines as your business)?

Once you know your answers to these questions, it becomes easier to use a privacy policy template, talk to a lawyer, or even write your own privacy policy.

Never Updating Your Privacy Policy

A privacy policy issue you must avoid is neglecting to update or change your policy after posting it on your website. Imagine walking into a hotel room that says it was last cleaned in December 2019. Some companies have not updated their privacy policies in years. Privacy policies are living documents that must accurately reflect your current data collection and processing activities. Otherwise, the policy directly violates data privacy laws and misleads the people who visit and use your platform. This opens up your business to class action lawsuits or regulatory fines. For example, legislation like the California Consumer Privacy Act (CCPA) requires businesses to update their privacy policy at least once every twelve months.

When it comes to your consumers, trust me, you don’t want to lose their trust — look at these alarming data privacy statistics:

• 1 in 5 users always or often reads a company’s privacy policy before agreeing to it. (Pew Research Center)
• 48% of users have stopped buying from a company over privacy concerns. (Tableau)
• 39% of users would likely turn away from a company that required them to provide highly personal information. (Abacus Group)
• 33% of users have terminated relationships with companies over data. (Cisco)
• 78% of the World’s countries now have data privacy legislation in place. (United Nations)

Taking time today to establish a process for updating your privacy policy can help your business keep up with the fast pace of data privacy legislation.

Misunderstanding What Laws Apply to Your Business

It’s essential that you don’t misunderstand what data privacy laws apply to your business and impact your privacy policy. You are wholly liable for abiding by those regulations.

Most data privacy laws have broad scopes and affect businesses outside the regions where the legislation is in force. In other words, companies not located in Europe still fall under the GDPR, just like entities outside of California can fall under the jurisdiction of the CCPA.

When determining the data protection legislation that affects your company, it may also help if you answer the following questions:

     • What jurisdiction are you in?
     • Where are your customers located?
     • Are there any industry-specific laws you must comply with?

Using Complicated Language

When it comes to the contents of your privacy policy, avoid using unnecessary jargon or legalese. These words and phrases commonly used by lawyers aren’t usually understandable or accessible to the average reader.

Some legislation, including the GDPR, states that entities with privacy policies not written in plain language violate the law. This requirement ensures transparency so everyone can read and understand what’s happening to their personal information and their rights over their data.

Similarly, you should avoid writing large text walls with convoluted run-on sentences.

Keep your audience in mind when making your privacy policy, and implement easy-to-read formatting techniques by taking advantage of tables, charts, graphics, and bullet lists.

Not Reviewing Carefully

Remember in school when your teacher would remind you to check your work? Well, that logic works with your privacy policy, too.

Another common privacy policy issue you want to avoid is neglecting to carefully review your policy before publishing it, even if you use a reputable template.

Ensure you read through it and check for errors, inconsistencies, or anything you may have skipped or left out. You should also double-check it for grammar issues and verify its readability.

Not Getting Clear Consent From Users

Depending on what privacy laws you fall under, you may need to obtain explicit, affirmative opt-in consent from users before data collection occurs. This requirement is notably the case with the GDPR if consent is one of your legal bases for processing personal information.

If you find yourself in this situation, make sure you present all users who access your website or app with a live link to the most current version of your privacy policy and ask them to take some kind of action to denote that they’ve both read and agree to the terms you describe.

I typically recommend using a checkbox — just be sure it’s unmarked, as pre-ticked checkboxes are not GDPR-compliant.

Misplacing It on Your Website

Another common problem you want to avoid with your privacy policy is misplacing it on your website or app or forgetting to post it in necessary areas.

You should always plan to post your policy in more than one spot, but the precise locations depend on what laws your business falls under.

For example, under the CCPA, you must present your users with a notice at or before the point of collection. If you store personal information during the checkout process, you must provide a link to your policy on your checkout page.

Similarly, if you collect personal data from users when they create a login or new profile on your platform, you’ll also need to put a link to your privacy policy there.

Here’s a list of the most common places to include a link to your privacy policy:

     • The footer of your website
     • Payment screens or checkout pages
     • New user account creation pages
     • In your marketing emails
     • On any forms that collect personal information from users


You now know the top nine issues that impact privacy policies and how to prevent them when you go to make your own. By avoiding these common privacy policy issues, you’re setting your website or app up for successful and painless data privacy compliance.

Trust me, it’s worth putting in the extra effort now to avoid those hefty fines and public backlash in the future.

Make it extra simple for yourself, and ask your service provider to sign you up with uRISQ’s Policy Center. With Policy Center you can create the perfect privacy policy that suits your business.

DISCLAIMER: All information, content, materials, and quotes presented in this article are for general informational purposes only and do not, and are not intended to, constitute legal advice.