Shake Logo

Does Your Business Need a Privacy Policy?

Whitney O’Sullivan

Does Your Business Need a Privacy Policy?

Protecting yourself, your customers, and your data is a concern for anyone with a website or online presence. What can you do as a business owner to promote privacy and assure your customers?

Things to Know

First, know your industry. Certain industries have federally mandated privacy requirements. For example, medical information is highly sensitive and highly protected. So are financial transactions. If you are providing these types of services, federal laws likely dictate the way in which information can be handled, and if, how, and when it can be shared with third parties. If you don’t know which laws apply to your business, the Federal Trade Commission (FTC) is a good place to start.

A privacy policy should be tailored to your specific needs and practices.

Second, know your business. A privacy policy should be tailored to your specific needs and practices. One of the worst mistakes you can make is to use a privacy policy that doesn’t actually align with what your business does. The FTC has taken legal action against companies for misleading their customers and handling information not in accordance with their own policies. To avoid this particular liability, you need to know definitively what information your company collects, why it collects it, if it shares it, and where it ultimately ends up.

If you don’t know this, talk to someone at your business who does. Depending on the volume and type of data your business collects, you may even want to go one step further and conduct a risk assessment. This will help you to better understand what disclaimers are appropriate.

Third, know your customers. Are your customers large corporations who require a high level of security to do business with you? What is the relative sensitivity of the data–is it just an email address, or is it a Social Security number?

Do you ask for any information that you yourself would hesitate to give out?

Depending on the answers, your privacy policy may require more or less detail. 

Privacy Policy Drafting Tips

Now that you’ve considered the type of data you collect, who is using it, and your customer’s concerns, it is time to draft a policy. The language should be in plain English and comprehensible. You will want to display it in a prominent place on your website. You will also want the level of detail to appropriately address the audience and volume of data collected.

The language should be in plain English and comprehensible.

If your website collects more information than necessary, it’s good practice to allow users to opt out of sharing everything. Giving customers control over their data may help to build confidence and a sense of security. 

If you don’t know where to start, there are many free online resources. You may even want to reference an existing policy of a company you know and trust, or a competitor’s. While doing your own research should never replace talking to a professional, it can limit the amount of time you need to spend with one and will help you understand the importance of what you are creating. Shake’s Privacy Policy can be found here.