Not only do you need to have a privacy policy, but it should also be well crafted. It should suit all your website's needs and meet all the legal requirements in your country.
The policy should also outline how you intend to store and secure your customers' personal information so that it does not fall into the hands of malicious third parties.
The duration for which you intend to store the data also matters. Will you delete user data after 90 days, or do you intend to retain it for longer?
Some of the user data you can collect includes:
- Dates of birth
- Email addresses
- Phone numbers
- Social security numbers
- Bank details
- Billing and shipping addresses
What Do Privacy Policies Cover?
Privacy policies cover various aspects, including:
- Details of data transfers
- The purpose of collecting the user data
- The type of information collected by the website or mobile app
- Data storage, security, and access
- Affiliated organizations or websites, including third parties
Privacy Laws in the United States
Some of these laws include the Children's Online Privacy Protection Act, the California Consumer Privacy Act and the Fair Credit Reporting Act, among others.
One of the strictest laws in the US is CalOPPA. Its reach extends beyond US borders, as it applies to any website that collects personal information from California residents.
CalOPPA is a state law, not a federal law. However, it affects your website irrespective of where you operate from, provided you collect data from California residents.
According to CalOPPA, personally identifiable data includes:
- Your first and last names
- Physical addresses
- Email addresses
- Social security numbers
- Phone numbers
- Any other contact information you share with a website, either online or physically
- Details of your physical appearance, including your hair colour, weight, and height
- Any other detail stored online that can identify an individual
CalOPPA also requires the privacy policy to disclose:
- The types of user data that are collected through your website or mobile app
- Any affiliated website or organization that you wish to share the information with
- A clear explanation of how a user can request amendments to data collected
- What should happen if a user makes a "Do Not Track" request
- Details of any third party that will collect user data through the website or app
Privacy Laws in the EU
The EU Data Protection Directive had been in force since 1995. It regulated how user data in the EU is gathered and handled, and it helped prevent misuse.
The Data Protection Directive was replaced on May 25, 2018, by the General Data Protection Regulation (GDPR).
The General Data Protection Regulation requires that:
- All personal data should be processed in an ethical manner
- Personal data should only be collected for predetermined reasons, and the information you collect can only be used for such reasons
- The data collected should be accurate and updated when requested
- Except in certain special circumstances, e.g., scientific research, data should be kept in a form that identifies users only for as long as necessary
- The website collecting the data is responsible for ensuring adherence to the GDPR, including by appointing a Data Protection Officer
- The user should be able to contact the website collecting the personal data and its Data Protection Officer, where there is one
- The website should make its users aware of the reasons they are collecting the data and the period the data will be stored
- The website should also advise its users of their eight rights under the GDPR, including the right to access, update and request removal of personal data
- The user should be informed if the business is to share their personal data with any third party or affiliated organization or if the personal data is to be transferred outside the EU
- The website should also provide any other information to ensure fair processing of personal data
Enforcement under the GDPR is stricter than under the Directive, and non-compliance attracts greater penalties.
You should determine the type of privacy policy your website requires. It will help a lot if you can consult a legal professional for advice.