If your business has a website, chances are you’re capturing information about your visitors on a landing page, newsletter sign-up form or contact form. The data you collect is called personally identifiable information (PII), and what happens to that data is important not just to your business, but to legal entities as well.

Privacy laws in the US and around the world regulate the collection and use of PII, and these laws require websites to disclose:

  • What PII is collected
  • What is done with that PII
  • Who the PII is shared with

Required disclosures are made in the Privacy Policy, which should be posted on your website for any visitor to access.

At this point you may be thinking, “my business is really small, why should I care?” For one thing, you’d probably prefer to avoid fines and lawsuits. All businesses are subject to these laws, and the penalties for not complying range from $2,500 per violation to €20,000,000. Ouch! And for another, a privacy policy helps reassure your website visitors that you care about their privacy. Consumers today are more vigilant than ever about the collection, use and sharing of their data, and a study by Cisco found that privacy concerns can slow down the sales cycle by an average of 7.8 weeks.

So how do you go about writing and maintaining a privacy policy? Well, if you’re not a large corporation with a privacy attorney on staff, you have a few options:

  • Hire a privacy attorney to maintain your policy.
  • Assign a staff member to keep track of all the state, national and international laws and update your privacy policy regularly. (The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, so make sure you don’t forget that one!)
  • Ignore the issue and hope you don’t get sued.
  • Take advantage of a generator that keeps the policy updated for you.

Obviously, the first three options aren’t ideal for an SMB, and that’s why we recommend a policy generator, which creates a privacy policy specific to your business. All you have to do is answer a few questions and the generator produces the policies you need, including Privacy Policies, Terms & Conditions, Disclaimers and End User License Agreements. You then add some code to your website (or use the WordPress plug-in) and the generator automatically updates the policy on your website as laws change. You also receive a notification when policies change so you won’t be caught by surprise.

In summary, if your business website collects any information about visitors, you NEED a privacy policy. You can write one yourself, hire an attorney, or use a more cost-effective solution such as a generator. But the sooner you have one in place, the better.

This post is courtesy of MMC Project Manager Chris White.