Five Signs Your Privacy Policy Needs To Be Updated

Donata Stroink-Skillrud

Co-founder and President of Termageddon

Here at Termageddon, we like to frequently remind people that it’s not just about getting a Privacy Policy, but having a strategy in place to make sure your website policies stay up to date as privacy laws change or are added. 

After all, it happens more than you might think.

At the time of this article, we’re tracking several privacy bills that are in the works in the United States alone, and new privacy laws go into effect every year, most requiring websites to update the disclosures in their policies. The United Kingdom and Australia are also considering updating their privacy laws.

So, the question becomes: How do I know if I need to update my Privacy Policy?

Short answer: You hire an attorney or use an attorney-founded Privacy Policy generator like Termageddon.

That being said, we also wanted to offer up some actionable steps a website owner can take to see if their policies are potentially outdated – without spending money. So we’ve gathered five very common signs we see that indicate a person’s Privacy Policy may be out of date.

*Note: this list isn’t all-encompassing; it is just designed to be a starting point for those curious as to whether it’s time to update their website’s policies. Seeing one of these signs on your own Privacy Policy page also doesn’t mean for certain that your website is no longer compliant (but it probably is).

Sign 1: Your Privacy Policy has not been updated in years

Example: “This policy was last updated on 24th of May, 2018”

Privacy laws are anything but static. Online privacy is a big topic these days and therefore lawmakers globally are regularly looking to create or improve their privacy laws.

Considering most privacy laws don’t care about where your business is located, just about where your website visitors are located, it can mean any one website could be required to comply with privacy laws in multiple states and even countries. Given the global scale of these laws, it’s safe to say the landscape isn’t exactly set in stone. 

So why is our example above a sign that a Privacy Policy is out of date? Since May 2018, here are some major privacy law changes that have gone into effect:

  • The United Kingdom left the European Union, separating from EU GDPR to UK DPA 2018 (aka UK GDPR)
  • Nevada Revised Statutes Chapter 603A was updated with newly required Privacy Policy disclosures
  • California Privacy Protection Act went into effect
  • California Privacy Rights Act went into effect 
  • Virginia Consumer Data Protection Act went into effect 
  • Colorado Privacy Act went into effect 
  • Utah Consumer Privacy Act went into effect 
  • Delaware Online Privacy and Protection Act went into effect 
  • Connecticut SB6 went into effect 
  • Quebec Law 25 went into effect 

Sign 2: Privacy Shield used for data transfers

Example: “Company complies with the EU-US Privacy Shield Framework to transfer personal information from the European Union to the United States.” 

Why is this out of date? 

The Privacy Shield Framework was invalidated in 2020 by the Schrems II decision. From that point on, the Privacy Shield Framework could no longer be used to transfer data from the European Union to the United States.

Sign 3: Your Privacy Policy does not disclose the categories of third parties with whom you share personal information

Example: “If you ask to be added to our email list, your name will be added to our email marketing list.” or “We will share your personal information with outside parties with your consent.” 

Why is this out of date? 

The following privacy laws require you to disclose the specific categories of third parties with whom you share personal information: 

The example above does not actually state that you share emails with email marketing vendors (e.g. MailChimp or ConstantContact). If you need to comply with any of the above privacy laws and your Privacy Policy does not list the categories of third parties with whom you share personal information, then it is out of date and not compliant with the above laws.

Sign 4: Storing data indefinitely

Example: “If you leave a comment or submit your information via our contact us form, your information will be retained indefinitely.” 

Why is this out of date? 

Multiple privacy laws, including GDPR and UK DPA 2018, prohibit companies from storing personal information longer than it is actually needed. Companies that need to comply with these privacy laws need to disclose, in their Privacy Policy, either a specific time period for which data will be kept (e.g. 2 years) or a description of how that time period will be determined (e.g. “we will keep your information until you are no longer a customer”).

If a website’s Privacy Policy still says that it will keep data indefinitely, then chances are that the Privacy Policy was not updated for these laws.

Sign 5: Combining the European Union and the United Kingdom

Example: “Residents of the European Union (including the United Kingdom) have the following privacy rights…”

Why is this out of date? 

The United Kingdom left the European Union in 2020, so combining the EU and the UK is no longer appropriate.

Next Steps

Alright, so you’ve gone to your Privacy Policy and searched for these signs and have found one or more. What now?

A privacy attorney will always be your best bet, but as you might imagine this is an expensive option.

Fortunately, Termageddon is a Privacy Policy generator that was founded by a privacy attorney. It not only helps you create a Privacy Policy for your website but will also automatically update your policies (via an embed code) whenever a new privacy law is passed or an existing privacy law is amended, requiring changes in website policy disclosures.

That means you never have to read blogs about Privacy Policies ever again!

About the Author
Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.
