Why You Need a Website Privacy Policy

online presence Jul 13, 2021

Today we're talking about website privacy policies and why you are required to have one. We are also covering what website privacy policies do to protect you, how you can create them, and how you can place your policy on your website so that your website and your business are protected and professional.

What is a Website Privacy Policy?

Before we get into the details of website privacy policies, you need to know that they are not the same thing as HIPAA's Notice of Privacy Practices. You are probably familiar with HIPAA's Notice of Privacy Practices, which gives patients disclosures about their rights regarding what you're doing with their protected health information. This applies to medical professionals only. A website privacy policy is designed for anybody with a website, whether the website's content or services are medicine, law, or even knitting. So, while they are similarly named, they are separate and distinct.

Basically, a website privacy policy is a required disclosure that you put on your website to allow visitors to learn more about what information you may be collecting from them. This information includes who they are, how to contact them, and if they have any say in deleting their contact information or deleting any kind of identifying information that you collect. The policy should also include how you're going to protect their information. And, for medical professionals, you will definitely need a disclaimer as well. In displaying these components, along with terms and conditions on your website, you, your business, and your website will appear more professional. The bottom line is that a website privacy policy is not only required by law, it is just good business practice.

Laws in Effect 

There are several laws currently in effect, and more coming, that are increasing consumers' rights in terms of their information, their data, and their privacy. One of those laws, for example, is CalOPPA, the California Online Privacy Protection Act. This particular law applies to websites that citizens of California would visit. In this case, it doesn't matter if you're not located in California; if anybody sitting in California is accessing your website, you're required to have a privacy policy. Similarly, the GDPR (General Data Protection Regulation) over in the European Union is like CalOPPA, but it's even more strict and specific. To make sure you are covered, you need a website privacy policy. It also displays that you are a professional business owner who covers all legal requirements and jurisdictions.

Want to Run Ads?

In addition to needing to abide by these types of laws, another reason that you are required to have a website privacy policy is so that you can run ads. It is required to do any kind of paid advertising, which includes sending people to your website from Facebook, Google, YouTube, Instagram, Twitter, etc. When you first set up your ads account through these platforms, they'll ask for the landing page that they're going to send people to. Then, Facebook's robots or Google's robots will go through and look for your privacy policy. If you don't have it, you won't be able to run ads, so that's one of the most practical reasons why you'd want to have your website privacy policy accessible.

The Components of a Website Privacy Policy

Firstly, you're going to have to provide some identification and contact information for you as a business, so that when you tell people their rights to monitor and restrict what information you hold from them, they have someone to contact. And, if they have a complaint that you're misusing their information, or if they no longer want you to have their information, they need to be able to get in touch with you and make that complaint or request.

Secondly, you have to tell them what you're collecting. You may be thinking that you don't collect any information from your visitors, but almost every single website uses cookies. (You've seen the cookie notifications everywhere.) And, even if you're not collecting names or email addresses, and there are no forms on your website, your website software is still collecting information about how many visitors are coming to your page, how long they stay on each page, how far down they scroll, etc. Sometimes, the gathered information may even include IP addresses to know what part of the world your visitors are in. So, even if you're not actively collecting information through the use of lead magnets or opt-in forms, you're still collecting something from either Google Analytics, a Facebook pixel, or any other kind of pixel that may not be data accurate. Therefore, you still need the privacy policy in place that states what you're collecting. If you're collecting names and email addresses, great; simply state that. If you're just collecting their anonymized data (the cookie stuff), tell them that.

Then, you have to tell them why you're collecting their information. Most of the time you're collecting information to tailor offers and services based on their interests, according to their activities on your site. For example, if I went to somebody's website and wanted to learn more about how to swing a baseball bat, I would most likely be clicking on the blogs or the videos about how to swing a baseball bat. They would then know that I'm into baseball and perhaps not soccer. So, if I give them my email address, they're not going to send me a bunch of stuff about Real Madrid and Barcelona. They're going to send me baseball-related things, maybe Yankees and Red Sox kind of stuff. This is helpful to both the business owner and the consumer. Just keep in mind that you do have to let people who come to your website know if you're going to share their information and for what purposes.

Finally, you also have to tell them who you're sharing information with. Most people who have lead magnets, and perhaps give out a freebie such as a PDF, collect email addresses and are at least sharing that information with their email service provider. This could be ConvertKit (what I use), MailChimp, ActiveCampaign, Kajabi, or anyone else who is a third party. You don't have to list every company that you're sharing information with, just classes of companies. So, you can generally state "email service providers" or "advertising accounts at Facebook and Google", that sort of thing. And again, beyond that, it's purely good business practice to let people know what you're doing with the information, especially as we are all discovering that information is now more valuable than we realized in the past.

In a Nutshell...

In summary, having a website privacy policy is required by law. It's required by Facebook and Google if you want to run ads. A thorough policy displays your contact information, how and why you are collecting the visitors' data, and who that information might be shared with. And, the bonus of having this in place is that you'll feel better and be more protected as a business owner and a professional, knowing that you're doing the right thing. Put a privacy policy in place on your website in the footer, or even just add a link to a separate page that has the privacy policy. This is sufficient for all of the bots at Facebook and Google. This will also satisfy CalOPPA, GDPR, and any other jurisdictions that say that you need a privacy policy somewhere on your website. If you have questions about this, any other website issues, or anything else to bring your business to a more professional level, contact Functional Lawyer.


Need a website Privacy Policy? 

We have legal document templates at Functional Lawyer. These templates have been written and reviewed by a team of attorneys and are now available for you to use in your business. These fully customizable documents are provided in MS Word format and come with an accompanying video tutorial explaining how to adapt them for your own use. 

If you don't have one, you can get your privacy policy here. 



Scott Rattigan is an attorney, co-founder of a thriving functional medicine membership practice, and the founder of Functional Lawyer. He is an award-winning writer and speaker who is dedicated to helping functional and integrative medicine doctors succeed in building their dream practice. 


Want to talk to an attorney to answer your specific questions? 

Schedule your Legal Health Assessment consultation today.

