Why do companies have a Privacy Policy?

If you’ve been paying attention to the footers of the websites that you visit, you’re probably wondering – why do companies have a Privacy Policy? So many websites have Privacy Policies nowadays that it almost feel strange when a website does not have one on notifications, contact forms, newsletter sign up forms or simply on the footer. You see Privacy Policies on so many websites for two reasons. First, Privacy Policies are required by law for most modern websites and failure to have one can lead to privacy-related fines and even lawsuits. Second, consumers are increasingly concerned about sharing their Personally Identifiable Information with companies. A lack of a Privacy Policy assuaging those concerns can cause them to look for other businesses that do care about their privacy, leading to a loss in sales. In this article, we will break down the reasons for having a Privacy Policy so that you can learn why so many companies have one and determine if your website needs one too.

What is a Privacy Policy?

A Privacy Policy is a statement provided on a website or an application that explains a company’s privacy practices, including how a company collects, uses, and discloses Personally Identifiable Information (PII). PII is any data that could be used to identify a particular person. Examples of PII commonly collected by websites include:

  • Names;
  • Emails;
  • Phone numbers;
  • IP addresses; and
  • Physical addresses.

Websites commonly collect PII through the following features:

  • Contact forms;
  • Email newsletter sign up forms;
  • Account creation forms;
  • Checkout forms; and
  • Analytics services such as Google Analytics.

PII is actually protected by multiple privacy laws that require certain websites to have a Privacy Policy that makes very specific disclosures.

Why do companies have a Privacy Policy? Required by law

The first answer to why do companies have a Privacy Policy is because they are required by law to have one. The following privacy laws require Privacy Policies and can impose heavy fines for failure to have one:

Privacy laws are unique in that they protect consumers and not businesses and can thus apply to businesses outside of the states or countries in which the laws are passed. For example, CalOPPA applies to any commercial website that collects the PII of residents of California, regardless of where the business is actually located. Nevada’s privacy law applies to anyone that has customers in Nevada, also regardless of where the business is actually located. When determining what privacy laws apply to you, you should ask:

  • Where do you do business?
  • Whose PII are you collecting online?
  • Where do your customers reside?
  • To whom are you offering goods or services?
  • Who are you tracking online through services such as Google Analytics or cookies?

If these privacy laws apply to you, then you are required to have a Privacy Policy that makes very specific disclosures. Most companies choose to follow these laws and have a Privacy Policy because non-compliance can be very expensive. Privacy fines range from $2,500 per violation to €20,000,000 or more in total. In this case, “per violation” means per website visitor whose privacy rights you infringed upon, meaning that fines can add up very quickly, even if a website only has a few hundred visitors per month.

Lastly, with over a dozen proposed privacy bills in the United States and countries such as Canada and Australia proposing reviews and updates to their privacy laws, the Privacy Policy requirement is not going away anytime soon. In fact, with some bills proposing a private right of action where consumers would be allowed to sue businesses directly for collecting PII without a compliant Privacy Policy, it is more important than ever to ensure that your website not only has a Privacy Policy but that you also have a strategy to keep that Privacy Policy up to date with changing legislation.

Why do companies have a Privacy Policy? Required by consumers

The second answer to why do companies have a Privacy Policy is because consumers expect companies to have one. While this is a fairly recent trend, in the last few years, consumers have become increasingly concerned about the sharing of their PII with companies and have even chosen to stop doing business with certain companies due to privacy concerns. The following studies illustrate the importance of privacy to consumers when doing business online:

These studies illustrate two important factors as to why your business should have a comprehensive Privacy Policy. First, caring about privacy and demonstrating that by having a Privacy Policy can be a competitive advantage. Since consumers are more willing to make purchasing decisions based on privacy practices, you can actually grow your business by demonstrating that you care about privacy as much as your customers. Second, as consumers start pressuring their legislators to propose and pass privacy laws, the Privacy Policy requirement is only going to increase in the future. Thus, having a Privacy Policy that not only complies with the privacy laws of today, but also having a strategy for keeping that Privacy Policy up to date with the privacy laws of tomorrow is more crucial than ever.

As you can see, the reasons for so many companies having a Privacy Policy include being required to do so by law, wanting to avoid privacy-related fines and lawsuits, and because consumers are increasingly expecting companies to have one. If you are looking for a comprehensive Privacy Policy that helps achieve both of these goals, check out Termageddon’s Privacy Policy generator and create your auto-updating Privacy Policy in just a few minutes.