The 4 Questions You Need to Answer About Your Blog’s Privacy Policy

The Four Questions You Need to Answer About Your Blog's Privacy Policy

You can easily overlook your blog’s privacy policy while you’re focused on creating content. But neglecting it is a dangerous mistake. A clear privacy policy protects you from legal liability and shows your integrity to readers.

You’re legally required to have a privacy policy on your website. Laws like the Children’s Online Privacy Protection Act (COPPA) require certain measures to protect visitors’ privacy. In fact, the FTC has fined companies up to $100,000 for non-compliance.

A fair privacy policy also boosts your credibility. Don’t you appreciate when a company says “we’ll never sell your information” when you give them your email address? You can do the same for your readers – and at the same time, make them more open to what you have to say because they know they’re in the right hands.

You could copy and paste one of the million free templates found online. But what does it actually say? To make sure your privacy policy measures up, ask yourself these four questions: who, what, where, and how.

Who?

The first question to ask yourself is, who? This question includes who’s collecting your visitors’ info, who you’re sharing that info with, and who’s allowed to visit your website.

The FTC’s Fair Information Practice Principles require that your privacy policy identify who’s collecting your visitors’ info. This will be your business name if you have one. Include contact info as well.

Also, who are you sharing the info with? You should say what’s shared with third parties, including affiliates and advertisers.

Finally, your privacy policy should state who’s allowed to visit. Under COPPA, you have to get parental consent before collecting info from children under 13. COPPA applies only to websites that know that children visit or direct their services toward children, but be safe and include a disclaimer on your blog:

To access this website, you must be 13 years or older. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and become aware that we have collected such personal information without your consent, contact us and we will take steps to delete such personal information.

Unless you have an adult website, you probably don’t check your visitors’ age (and in that case, you have a few more rules to worry about!). But you can at least make it clear that it’s not intended for children.

Given the large penalties, every blogger would be wise to protect against COPPA liability.

What?

The second question to ask is, what information are you collecting from your visitors? Your privacy policy should clearly state what “personally identifiable information” you collect.

Personally identifiable information includes name, email address, date of birth, and so forth. Disclose what personally identifiable information you and third parties (like your email marketing service) collect:

We ask visitors who comment on the website to provide a username and email address. We also collect potentially personally-identifiable information like IP addresses for logged in users and for users leaving comments.

These will vary depending on what you provide on your site. For example, financial info may be collected if you sell a product through your blog.

Where?

The third question to ask yourself is, where is my privacy policy posted? California’s Online Privacy Protection Act (CalOPPA) requires websites to “conspicuously” post a privacy policy.

You might be thinking that you’re not in California, so what does it matter? But CalOPPA applies to any website that “collects and maintains personally identifiable information from a consumer residing in California who uses or visits the Web site.” You don’t have to be in California – and you’re not going to restrict 38 million Californians from reading your blog!

Under CalOPPA, you can’t just have a “privacypolicy.html” page on your server without linking to it. You need a link to your privacy policy in the footer or header of every page.

Yes, it’s silly that every single website must comply with California law. But do you really want to take the risk? Even if you aren’t in California, make sure you comply with CalOPPA’s “conspicuous” requirement.

How?

Finally, ask yourself, how are you collecting and using your visitors’ info? You’ll want to state that your website uses cookies. Also, your privacy policy should say how you’re using the info you gather:

We collect such information only insofar as is appropriate to fulfill the purpose of your interaction. We do not rent or sell personally-identifiable information to anyone.

“Appropriate to fulfill the purpose of your interaction” isn’t exactly the clearest phrase. It does sound like slippery lawyer language, but include it to be safe and protect yourself from liability. Treat your visitors with respect, and you’ll gain their trust.

Your privacy policy is an important part of your website. It protects you from legal liability and shows your honesty to your readers. Answer these four questions and you’re on your way to a comprehensive privacy policy.

 

Photo credit: g4ll4is via VisualHunt / CC BY-SA

Joseph Castelli
 

Joseph Castelli is a New York-licensed lawyer who specializes in corporate law. He studied at NYU School of Law and practiced mergers and acquisitions in New York City. He now writes for small business owners at Bulletproof Business.