Privacy Policy – Best Practices For Your Website

The topic of privacy is at the forefront of the list of legal issues being discussed on the web. Do Google and Facebook respect privacy? Should you have any real expectation of privacy on the web? The answers to these questions are not all the clear most of the time.

What is clear is every site should have a privacy policy. With this in mind, let’s take a look the best practices you should employ with a privacy policy for your site.

Disclosure and Boilerplate

The two biggest issues that come up with privacy policies are disclosure of actions and the use of boilerplate in the language of the policy. Most site owners tend to approach both issues from the wrong perspective.

What should you disclose in your privacy policy? Everything! I am continually amazed at how many sites try to hide their data collection practices from visitors. There is no need to do this unless you are doing something very illegal such as selling credit card information.

Though it pains me to do this as a greedy lawyer, I am going to provide you with a free bit of advice – the vast majority of visitors to your site will never read the privacy policy. Don’t believe me? When was the last time YOU read one? Did you read the privacy policy for this site? I’ve been buying items online for years, and I can count on one hand the number of times I’ve done it and I am a lawyer!

What about those folks that do read the policy? Most of them will accept the terms regardless of what they say. Yes, Facebook and Google have received flak for their data collection and usage techniques revealed in their privacy policies. How many people have actually stopped using their sites because of this? Very few.

Then we have boilerplate language. For the love of God, don’t use such language. First, you probably don’t know what it means from a legal perspective. Second, you are going to be locking yourself into terms that may not be in your best interest.

When it comes to privacy policies, the best practices you should employ involve disclosing everything you are doing in the way of data collection and use. You must write this disclosure in plain English.

Privacy Policy for SEO

Most webmasters and website owners view privacy policies as a burden. Being honest with your visitors should not be a burden. Having said this, however, there is also a practical reason for publishing a privacy policy on your site. Google looks for them as part of its ranking process. If you hope to obtain top rankings on Google, you better have a privacy policy on your site. Perhaps just as important is the fact it needs to be an original privacy policy. After all, you don’t want to run into duplicate content issues.

Need for Blogs?

I often see articles and commentary on the web indicating blogs do not need privacy policies. The argument appears to be based on the idea blogs do not have members and do not capture personal information.

The genesis of this position appears to be a California law that requires sites to have a privacy policy if they capture personal information from California citizens. The argument goes that since blogs don’t collect such information, they are not required to post a privacy statement. The application of this law to blogs, however, is misguided.

First, most blogs do capture the personal information of some visitors. Do you have people sign up for a newsletter? Do you have them purchase something? Both situations involve capturing personal information.

And then we have the comments section. In between deleting all those annoying spam comments, you will occasionally run across a real person leaving a valuable comment. If they provide their name, you are collecting personal information. Not only that, but you are publishing on the web in the comments section for anyone to see.

What if you collect no information at all? You still want a privacy policy. You are going to be capturing aggregate data from your server at a minimum. Also, publishing a privacy policy will reassure visitors to your site while making the search engines happy.

Privacy Policy For Google Adsense

In some cases, companies that you partner with will force you to publish a privacy policy and include specific terminology in that policy. Google is famous for doing this, which is odd considering how many times government agencies have fined the company for privacy violations.

Ah, but I digress…

The issue at hand is the Google Adsense program. To be approved for the program, you must publish a privacy policy on your site. Moreover, you must include language related to the Adsense program in the policy. Google changes the specifics of this program from time to time, so make sure you are in compliance, or you risk getting kicked out of the program.

Best Practices

Stop fighting the idea of privacy and your visitors. A privacy policy is not a burden. It is a chance to be honest with your visitors, as well as build credibility with them. Reveal everything you are doing when it comes to data collection and the use of the data. People rarely get angry when you are honest and blunt with them up front.

Richard A. Chapo, Esq.