Got a privacy policy?

When I tell clients that their business website is missing a privacy policy, I usually get a blank stare in return.

Me: You know, that legal language in pop-ups from companies like Apple? Where you have to say you’ve read and agreed to them before you can continue?

Client: Oh, those things! But I don’t really need that for my small business, right?

Me: Well . . . .

And so the conversation goes.

When it comes to your business website, you really need to have “website agreements” linked at the bottom of your site. These website agreements include terms of use and a privacy policy. We’ll tackle terms of use in a later post. For now, let’s focus on that privacy policy.

I know, the average person won’t take the time to read privacy policies. And lots of businesses don’t have one. But when it comes to the law, privacy policies are required.

Let’s get into it.

What exactly is a privacy policy?

A privacy policy is an agreement that your business has with everyone who visits your website. This privacy policy outlines what personal information from your visitors gets collected from your site. And it describes how you’ll use and protect that personal information.

Is it really necessary?

Yeah, it is. Your business is legally required to have a privacy policy if you collect personal information about your visitors. Without a privacy policy, your business could find itself in a lawsuit for violating U.S. laws.

But what if I’m not collecting any personal information?

At this point, you might be thinking “Okay, but my website doesn’t collect any personal information.” Are you absolutely sure about that? Consider these questions:

  • Do you have a contact page where a visitor can fill out their name and email to send you a message?
  • Does your website allow a visitor to pay you for something?
  • Do you have any opt-in boxes on your website to sign up for a newsletter or a free download?

If you answered yes to any of these questions, then you’re collecting personal information. And even if you answered no, you don’t want to limit your business from adding these features in the future.

Even basic business websites collect personal information. And they should. From a business and marketing perspective, collecting personal information allows you to better serve your audience.

Alright, I get it. So where do I get a privacy policy?

When it comes to getting a privacy policy for business, you have some options. But it really boils down to two options: do it on your own or get help from an attorney.

Option 1: Do it on your own (not recommended).

If you decide not to get an attorney, you can go down two paths:

  • You could copy and paste from another site. This is your worst option. Putting aside potential copyright and unfair business practice issues, what if that company’s Privacy Policy is outdated or missing necessary language? How can you be sure that your business is collecting, using, and safeguarding personal information in the exact same way? For these reasons, copying and pasting another company’s privacy policy is very risky and not recommended.
  • Or you could use a template found online. There’s no shortage of privacy policy templates out there. But lots of them leave out important language that your privacy policy needs to address. And there’s no sense of trust or accountability because you don’t know whether it has been approved by an attorney. And, again, what if it doesn’t take into account unique aspects of your business? If you’re just starting out with your business and website, the last thing you need is a nagging feeling that your company might be exposed to legal trouble for not having a solid privacy policy.

Option 2: Get help from an attorney (highly recommended).

If you have an experienced business attorney, you’ll have serious peace of mind when it comes to your privacy policy. An attorney with a background in drafting privacy policies will ensure that all of the necessary components of a privacy policy are included. Plus, you can rest assured that the unique aspects of your business will be addressed in the privacy policy if need be.

At the very least, you should find an attorney to review a privacy policy to make sure it adequately protects your company.

But deciding that you’ll use an attorney is only part of the equation. You want to make sure that you choose the right attorney. Here are 6 tips to help you out:

  1. Find a business attorney. Divorce and criminal attorneys are great (they’re some of the best attorneys I know), but you’ll need to find a business lawyer to prepare a solid privacy policy. Ideally, you should find a “transactional attorney” (an attorney who prepares and reviews contracts) instead of a courtroom attorney. Depending on the sophistication of your business, you might even need an attorney that is specialized in that particular area of business law.
  2. Find an attorney that charges flat fees. Attorneys traditionally charge by the hour, but flat fees are becoming more popular. Clients tend to prefer flat fees so they know exactly what they’re paying for. Flat fees force attorneys to consider how long it will take them to complete a project. If it takes the attorney longer, then it’s the lawyer who eats that cost and not the client.
  3. Find an attorney with transparent pricing. Flat fees are great, but you should have some sense of what an attorney charges before you even reach out. Look, it’s no secret that lawyers have a bad rep for being slimy and untrustworthy. In reality, most of us are not that bad. But even well-respected firms send client invoices that have raised eyebrows and heart rates. If a law firm has taken the time to promote fixed pricing options on its website, that’s a pretty good indicator that you won’t be dealing with lawyers who give the profession a bad name. Also, fixed pricing shows that the attorney is so experienced in that issue that he knows how long that project will take.
  4. Find an attorney that will bundle your privacy policy with a terms of use agreement. If you’re looking for help with a privacy policy, chances are you need a Terms of Use page for your business as well. Some attorneys will bundle these two documents together for one flat fee, which is often cheaper than having them prepared separately.
  5. Find an attorney that can write, and speak, in plain English. If you’re paying an attorney to prepare something for you, you should be able to understand the attorney’s advice and final product. If the attorney can provide you with a brief memo or cheat sheet that summarizes what’s in the document, even better. Plus, if a user ever does take time to read your privacy policy, that user has the right to know how your business uses their information.
  6. Don’t limit yourself to attorneys in your state. This one might sound strange. In many cases, it’s best to find an attorney who practices in your area. This is because lots of states have their own laws, and it’s often better—even required—to have an attorney that’s licensed to practice in that state. But privacy policies don’t require a deep understanding of state-specific issues. So, in this situation, there’s no need to narrow your search to attorneys in your area.

When it comes to finding the right law firm, Indie Law checks off all these boxes. Indie Law offers subscription plans that can include a privacy policy as a part of that plan. To learn more, schedule a call with Joey.