The regulatory environment on the web is growing more complex each year. Users’ online behavior has changed; technology is advancing at a tremendous rate and data is being collected with every click. This is a powerful cocktail and you must understand the legal requirements surrounding it when starting a business.
Being up to date on legal matters is exceedingly difficult if you do not have a lawyer on hand. For example, there was recently a reform in the EU data protection that will take effect in 2018. How much do you know about this reform, if at all?
Today we are going to review privacy policy essentials and how to make sure that you have your legal documents ready when you need them, as well as how to update them when necessary.
Being at a disadvantage because of your lack of preparation is real, not to mention dangerous: reputation, getting rejected by third party services and fines are possible at any time.
In order to avoid these problems, here are four common privacy policy mistakes every entrepreneur should be sure to avoid:
Not sharing data collection practices
Visitors to your site are concerned about what you say you will do with their data, and what data you actually collect from them.
There are two main reasons why you need a privacy policy: it’s a question of compliance, and you have a reputation to maintain.
Here’s a list of what should go in a privacy policy by way of example as outlined by the Californian regulation:
- A list of the categories of personally identifiable information the operator collects
- A list of the categories of third parties with whom the operator may share such personally identifiable information
- A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information as collected by the operator
- A description of the process by which the operator notifies consumers of material changes to the operator’s privacy policy
- The effective date of the privacy policy.
Why is reputation on this list? Consider the following facts:
- The U.S. saw the largest increase in the lack of trust, up nine points year-to-year to 35 percent
- A new study from The Future of Privacy Forum (FPF) showed concerns about a fitness app that does not provide a privacy policy. Whether you are in the app business or a blog, it is in your best interest to offer a privacy policy to all users at all times
Related: Cyber Security Do’s and Don’ts for Business Owners
Copy and pasting a privacy policy
Copy and pasting is one way used by many to avoid paying hundreds to thousands of dollars to get legal counsel.
However, what many don’t realize is the danger connected to this behavior. You might be infringing on copyrights of the original writer, or providing irrelevant information. A privacy policy is a statement of your data processing practice, and as such, it needs to reflect them accurately.
Not understanding what needs to be in your privacy policy
Are you using Google Analytics for your website? Are you collecting users’ email addresses, their names or location?
You are the person best suited to understand what you are doing with your users’ data. That means you should also be the one stating the categories of data collected and its associated purposes. Understanding what certain technologies do for you is therefore the first important step. Doing otherwise will result in you providing a faulty privacy policy and therefore expose you to the risk of fines.
Okay, so how do I go about understanding my privacy policy, you ask?
- You can pay hundreds or thousands of dollars for a lawyer to draft a privacy policy for you, or draft one yourself
- Nowadays, for certain situations there’s even a simpler solution: try using a professional privacy policy generator that focuses on drafting simple to read privacy policies all the while removing confusing legal jargon
Generators can help you understand what needs to be mentioned by providing a great starter template. Try understanding the value of each template. Ask yourself the following questions: is it what my business needs, is it going to be relevant in a year’s time and how do I stay informed?
Assuming people don’t care
Many current privacy policies discourage people from reading them. In some cases, it is intended that way. Times are changing and there is demand for an easy to consume one-page privacy policy.
Provide a simple, readable privacy policy for your users. Cater to the people who actually care about what you do with their data. How many users won’t sign up, buy or trust you because of your privacy policy? Also, are you is your privacy policy mobile-friendly?
Related: Sign up to receive the StartupNation newsletter!
Bonus thoughts
Many sites that don’t include a privacy policy do so because they think it’s either too complicated and time-consuming or that no one is really enforcing those laws, anyway.
Here’s something that might surprise you regarding your marketing strategy:
A test was made to see if there was a difference in conversions when people were exposed to various versions of a sign-up form. It showed a 19.47 percent signup increase for the one that had the privacy policy over the one without. Transparency with your privacy practices sells and builds up trust.
There are some marketers out there who believe that displaying a “100 percent privacy, we’ll never spam you” policy is enough. However, users know that is a cliche, and you must put genuine effort into your privacy policy. It’s your business, after all.
