If you own a website that collects Personally Identifiable Information (PII) such as names, emails, phone numbers or IP addresses, you are probably aware of the fact that your website needs to have a Privacy Policy. While the best way to obtain a Privacy Policy is to hire an attorney to write one for you, let’s be real – many small businesses do not have this type of a budget so they are asking: are Privacy Policy generators legit? The truth is that a Privacy Policy generator can be a legitimate and cost-effective way to obtain website policies, as long as you understand the limitations of these tools and do some research to pick the correct one for you. In this article, we will discuss the following aspects of Privacy Policy generators:
- What is a Privacy Policy?
- What is a Privacy Policy generator?
- What types of businesses should or should not use a Privacy Policy generator?
- How you can pick the right Privacy Policy generator.
Table of Contents
What is a Privacy Policy?
Before we get into Privacy Policy generators, it is best to first define what a Privacy Policy is, why websites need one, and what standards it should meet. A Privacy Policy is a document that explains your privacy practices such as what information you collect, what you do with that information and who you share it with.
Websites that collect Personally Identifiable Information (PII) may be required to have a Privacy Policy by applicable privacy laws. PII is defined as any information that could identify a specific person or any information relating to a specific person. Examples of PII commonly collected by websites include:
- Names
- Emails
- Phone numbers
- IP addresses
- Physical addresses
This information is commonly collected through the following website features:
- Contact forms;
- Email newsletter sign up forms;
- Account creation forms;
- Analytics features;
- Advertising features.
PII is protected under a number of privacy laws that can apply regardless of the business’ location, size, and nonprofit status. Privacy Policies must meet the following requirements:
- Contain the disclosures required by the privacy laws that apply to you; and
- Accurately disclose your actual business and privacy practices.
Lastly, due to the fact that privacy bills are constantly being proposed and new privacy laws are being passed or amended, your Privacy Policy must also be continuously updated to reflect changes in disclosure requirements.
What is a Privacy Policy generator?
A Privacy Policy generator is a tool that asks you a series of questions and then uses your answers to generate the text of your Privacy Policy. Some generators will help you determine which privacy laws apply to you and can even automatically update your policies for changes in privacy legislation. While using a Privacy Policy can be a legitimate way to obtain a Privacy Policy for your website, the truth is that there is a large variety of different generators that are available and that business owners must conduct some research to pick the proper generator for them.
What types of businesses should not use a Privacy Policy generator?
While a Privacy Policy generator can be a great way to obtain website policies for businesses with standard websites, websites with the following features should speak to an attorney as this type of specialized compliance is often not covered by generators:
- Websites that offer financial services such as approval for loans, approval for credit cards, banking services, and similar financial services;
- Websites that collect protected health information and need to comply with health privacy laws such as HIPAA;
- Websites managed by government entities;
- Businesses that are looking for legal advice (as generators cannot provide legal advice).
How to pick the right Privacy Policy generator for you
With dozens of Privacy Policy generators available, the best way to ensure that the Privacy Policy generator is a legitimate one is to ask the following questions:
- What is the pricing offered by this generator? You should be aware of the fact that some Privacy Policy generators will offer a low starting price but will then tack on additional charges and fees based on compliance requirements. For example, some generators will charge you extra if you are creating the policies for a business and others will charge extra based on the clauses that your policy needs to contain (e.g. GDPR compliance). This can make the process very confusing as you may end up with a much higher bill than what you initially anticipated. In addition, there are many free Privacy Policy generators as well. However, using a free Privacy Policy generator may also put you at risk as many of these tools do not include all of the disclosures required by privacy laws, do not update your policies for changing legislation, and may charge extra for compliance. When picking a Privacy Policy generator, look for clear, straight-forward pricing;
- Does the generator help you determine which privacy laws apply to you? Since the disclosures in your Privacy Policy are dictated by the privacy laws that apply to you, it is crucial that the generator first asks you questions about your business to determine which laws apply to your website. Many generators do not do this and assume that certain privacy laws will apply. However, this is an issue as it may subject you to privacy laws (and their fines) without them actually applying to your business;
- Does the generator include the disclosures required by the privacy laws that apply to you? Many generators claim to provide the disclosures required by certain privacy laws but actually fail to do so. This could lead to fines as failing to include any of the required disclosures would result in a violation of the law. In addition, beware of generators making false claims such as claiming to cover multiple privacy laws and then claiming that the disclosures required by one privacy law will meet the disclosure requirements of all other privacy laws (as this is simply not true);
- Does the generator update your policies when changes to legislation occur? With more and more privacy bills being proposed and more privacy laws being passed, it is crucial to have a strategy to keep your Privacy Policy up to date with these types of changes. Some Privacy Policy generators will claim to update for changing legislation and fail to do so prior to the law’s effective date. It is important to compare the list of laws that the generator claims to cover in their blog post articles with the privacy laws actually covered by the product itself;
- Does the generator employ someone with actual privacy experience? Many Privacy Policy generators are created by developers or marketers with no actual privacy experience, leading to non-compliant policies, failure to update for new legislation, and Privacy Policies that do not match actual business or privacy practices. Take a look at the generator’s “about us” page to ensure that the generator is backed by someone with actual privacy and legislative experience;
- Does the generator make a lot of assumptions about your business? As discussed above, your Privacy Policy must match your actual business and privacy practices for it to be compliant. Some generators will make a lot of assumptions about your business such as listing that you engage in targeted advertising, that your website allows individuals to create accounts, that you have certain security measures in place, etc. If these assumptions do not match your business, then your Privacy Policy will include false claims and be confusing to website visitors, as well as non-compliant with applicable privacy laws.
As you can see from the above, Privacy Policy generators can be legit, as long as you ensure that you do proper research prior to using one to ensure that your policy will fit your business and be compliant, helping you avoid fines and even lawsuits. If you do not currently have a Privacy Policy or have a Privacy Policy that does not meet the required features listed above, make sure to check out the Termageddon Privacy Policy generator.