Cookies. Beacons. Scripts.

Tracking technologies are ever-evolving and – unless you live off the grid or use an FBI-level alias – data collection points are a near-constant in our technology-laden lives. 

Online business owners need to understand what kind of data they’re collecting, how they’re collecting it, and what they’re doing with it. 

And you need to readily share that information with website visitors via your Privacy Policy. 

If you’ve got a Privacy Policy already, great.  

You’re doing better than 66% of all website owners. (According to a study by the Pennsylvania State University.) 

But just because your policy exists doesn’t mean you’re finished yet.

A Privacy Policy is a living, breathing document that requires regular updates. It’s not a one-and-done task to check off the list. 

As long as you have a website, you’ll never be done with your Privacy Policy. 

**Real quick before we jump in:**

Everything I share is legal education and information. It’s not business, financial, or legal advice, and it doesn’t create an attorney-client relationship between us.

What is a privacy policy, and who needs one?

Simply put, a Privacy Policy is a document that lets your website visitors know you’ll use care when you collect their personal information and how you’ll use it once you have it. 



–Email addresses

–Physical addresses

–Social Security numbers

–Phone numbers


It’s all personal information. 

And if you’re a business owner collecting any of that information, you need a Privacy Policy. 

Asking people to sign up for your newsletter? You need a Privacy Policy.

Letting people contact you via a contact page? You need a Privacy Policy.

Collecting anything personal for any reason at all? You need a Privacy Policy.

What should a Privacy Policy include?

You may know that California and the EU have some of the strictest regulations around collecting – and protecting – personal information. 

And legislation in Virginia, Connecticut, Utah, and Colorado is following suit, as it is in more and more states in the US.

But if you aren’t in any of those locations, you don’t need to worry about it, right? 

Unfortunately, that’s not even close to the truth. 

The cool thing about the internet is that it’s global. But the scary thing about the internet is that it’s global. 

Which also means your audience has the potential to be global. Even if you don’t want it to be. 

So if just one website visitor from California or somewhere in the EU decides they want in on your premium freebie and exchanges their email address for said freebie, your Privacy Policy needs to reflect their location.  

Not yours. 

And at a minimum, your Privacy Policy should include: 

–What type of personal and sensitive information you collect (and have collected in the past 12 months)

–The sources you collect that sort of information from

–What you do with the information you collect

–Which third parties you share the information with

–How a website visitor can make changes or update the collected information

–How long the information will be stored

*Note: this is not an exhaustive list.

How do I update my Privacy Policy?

A Privacy Policy is an essential document that every online business owner needs to have in order to be legit.  

And that includes making sure you give it a thorough review and update it at least once a year. 

(Another SOP you can add to your process file.) 

Here are a few questions you can ask as you work through your Privacy Policy update:

  1. Have you displayed the date your Privacy Policy went into effect?
  2. Does your Privacy Policy cover new tracking technologies your website may use?
  3. Have you added or changed the ways you collect personal or sensitive information?
  4. Are there any new third parties who may have access to the information you’ve collected?
  5. Is your Privacy Policy compliant with the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and any other data privacy legislation that applies?
  6. Do people understand how you’ll communicate any significant changes/updates to your Privacy Policy?

And to that last point – this is very important – once you’ve updated your Privacy Policy… 

  1. Have you notified your users and given them an opportunity to provide consent to your updates?

Where to get a Privacy Policy that will CYA

If you’re trying to DIY this whole Privacy Policy thing, it can get overwhelming fast. 

You may be tempted to find a comprehensive Privacy Policy from a competitor’s website and copy/paste that bad boy onto your own site. 

Time to put on my lawyer hat: 

Don’t do it. 

You never want to “borrow” someone else’s policies for yourself.  

Besides getting into trouble with copyright laws and the FTC, you can also seriously damage your reputation that way. 

But if you also don’t want to spend potentially thousands of dollars having a contract attorney draft the perfect Privacy Policy from scratch – 

Grab a template. 

You can head over to The Legal Shop and get the Privacy Policy template you need to protect your website.  

Bonus: whenever legislation changes? 

You’ll get notified. 

Now all you need to do is add your next Privacy Policy update to the calendar.  

Because, as you now know, your Privacy Policy is a living document that needs regular care and attention.

