Do you have a website for your business?
If yes, read on.
If no, you may skip the rest of this article and my feelings will not be hurt.
Does your website ask visitors for personally identifiable information? Name? Email? Credit card information? Phone number? Social media handles?
If yes, read on.
If no, you can stop reading and go enjoy some fresh air.
Do you have a privacy policy conspicuously posted on your website that describes what kind of information you collect and with whom it is shared?
If yes, skip to the last paragraph of this article.
If no, you are not alone.
Like most business owners, you may not be aware that you need to post a privacy policy in a conspicuous place on your business website. Not doing so exposes you to potential legal troubles.
In 2004 California became the first state to pass a law requiring an operator of a commercial website to post a privacy policy conspicuously if the website collects personally identifiable information about individual consumers living in California who use or visit the website. Since then, other states have passed similar laws.
There are a lot of parts to the California Online Privacy Protection Act, so let’s take a closer look.
You are an operator of a commercial website if you have a website for your business.
If you just keep a blog or post information about your product or service on your business website, then this law does not apply to you.
However, if you sell products or services on your site, or have an opt-in, contact us or a “sign up for our newsletter” page, you are asking visitors to give you personally identifiable information. So you must tell visitors what information you are collecting and how you use it.
Generally, most websites put the privacy policy at the bottom of the page. A better example to follow is CNN. When you go to its website (www.cnn.com), you will see a red and white pop-up box at the bottom left corner of the page stating, “Our Terms of Service and Privacy Policy Have Changed.” You’re able to easily link to the privacy policy or terms of service.
Generally, the policy lets visitors know what type of personal information you are collecting, what you are doing with that information, if you are sharing it with a third party, how you are safeguarding it, how the visitor can review and request changes to personal information, and how you will notify the visitor of material changes to your privacy policy. The policy should list contact information should the visitor have questions about your policy. Your privacy policy should be customized to your business practices and have an effective date.
Business owners often assume that the web developer will include the privacy policy as a part of the service. Typically, developers only post the content you provide for them. Regardless, the law is very clear that the responsibility for having a privacy policy lies with the owner of the website.
If you already have a privacy policy in place – or once you have one – conduct a regular audit to make sure your privacy policy reflects how your business deals with the information it collects online. It is a small time investment for a huge peace of mind.
About Your Columnist
Quyen Tu
Quyen Tu is a featured contributor for Women Lead, the official blog of Connected Women of Influence, where she explains complex legal concepts in layman’s terms. Her passion is working with and supporting mission-driven entrepreneurs who make an impact in their community. She handles her clients’ legal issues so they can change the world. Quyen enjoys volunteering, connecting people, and challenging herself physically. She aims to visit all seven continents, and plays along with the Jeopardy contestants. Quyen Tu is an Attorney at BCorp Creatives where they specialize in helping successful business owners and entrepreneurs improve the world, starting with their community.
Interested in Joining Us at a Future Event?!
Interested in Becoming a Valued Member of Our Professional Community!?
