Does online privacy exist or matter anymore? In an era where your data and information are collected more than ever before, it can often seem that the answer to that question is “no”. In fact, the answer is a resounding yes. For most people, ensuring that their privacy is offered some form of protection is more important than ever before.
People tend to think of online privacy as most important when it comes to how they browse and interact with websites. With more than 1.5 billion websites available, it’s staggering to think that some 455 million of those are powered by WordPress.
Primarily, you’re informing people about the following factors:
- How you intend to collect data from their interactions with your website and organization.
- What data you will collect.
- How you will store and protect their information.
- Any relevant laws and regulations you need to comply with.
- Any circumstances under which you may disclose or share that information.
The types of data that a business may collect can vary between organizations, but some of the most common types of personal information include:
- Date of birth
- Contact details including physical address, email address, phone number(s), and other identified ways of contacting them.
- Previous history—including transactions—with your business.
Other data may be retained depending on options offered to the customer and the type of business. This can include the following:
- Banking information that can include credit or debit card details.
- Medical history.
- Financial details and credit status.
The big problem with privacy policies is that many people simply don’t read them and just tick the box to accept them. If you think about it, how many times have you just ticked a box for terms and conditions on an application or similar?
Another thing to note is that privacy policies will often reflect the particular laws and regulations that may apply not only where your business is based, but also where it operates. So, for example, if you operate a business that trades within the EU, then you need to ensure that you comply with the GDPR.
These can include things such as the sector you operate in, the main location of your business, and the jurisdictions where you operate. So, for example, if your website was offering a cloud phone system to customers, then you may have to look at telecommunications regulations as well as the other usual factors.
The other thing to consider—if you’re operating an ecommerce website—is what requirements any third-party apps may demand of you.
How might you collect data?
One important thing to communicate to customers involves the various ways in which your organization might collect their data and personal information.
Making them aware of these different ways allows them to make a more informed choice about how they interact with you and what information they want to disclose. Those methods can include:
- Signing up to an email or newsletter list and giving their name and email address.
- Leaving their name and email address on comments (for example, on your blogs).
- Registering as a customer (information in this section may vary from business to business).
- Information you may collect via linked social media platforms. This can even include liking one of your Facebook posts.
- Any tracking and analytics that may be utilized by various WordPress plugins.
- Tracking by GA (Google Analytics).
- Contact forms when the customer has a query.
- Your use of advertising programs such as Google Ads which will track certain information about the customer.
As you can see, there are multiple ways in which you might collect customer information, so ensuring they’re fully aware of these methods can be crucial to offering good privacy and protection to all your customers.
When you’re at the planning stage of your WordPress website, you’ll have many different things to think about. One of the advantages you have is that WordPress is relatively easy to use. As well as actual content, there are two other things you should be thinking about: length and readability.
Similarly, think about the readability of your policy. Explain technical terms that people may not be aware of. For example, if you are discussing SOX controls, give some sort of explanation as to what they do and how they might impact your customers.
1. Who you are
2. Data details
Again, this information may vary from organization to organization, but it’s essential that people know what data you plan on collecting.
This may be as simple as name and address (or an email address for marketing), but it can also include more involved data such as IP address, banking information, and more.
3. Collection of data
As was covered earlier, there are numerous ways in which you might collect customer information. It’s important that your customers know not only what data you collect from them, but also where you collect it from.
4. Storage and protection
This can include details such as cloud or offsite storage. They will also want to know if there are any circumstances under which you will share or disclose data and who any third parties might be.
5. Relevant laws and regulations
Customers can be reassured when they know that it’s not only you protecting their data, but also that any protection is covered by appropriate laws and regulations.
These can include the aforementioned GDPR and Data Protection Act as well as US-centric laws such as the California Consumer Privacy Act of 2018. There are also specialized laws and regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Financial Modernization Act of 1999.
6. The whys
People also want to know why you’re collecting their data. The reasons for you collecting information can again vary.
In some cases, it might be so that you can improve your site’s performance to make the customer journey better. In other cases, it may be purely for marketing purposes. Whatever the reason, giving your customers clarity can allow them to make informed decisions when it comes to sharing information with you.
7. Opt outs
Offering an opt out option at any relevant points in the customer journey makes your entire organization more transparent and trustworthy.
What about privacy policies for under-18s?
Now you may be thinking that children won’t use your service. However, if you provide anything like music streaming services or gaming apps, then there’s a good chance that under-18s will use those services. And, even when there is no direct remuneration for any service, there is a very good chance that you will fund those services through some form of advertising.
So, if under-18s are using your site in any way, then you’ll be collecting data from that user group and you need to consider a standalone policy for those children. You also need to look at what the relevant laws and regulations say about data collection and consent in order to craft a well-written policy.
For example, the GDPR states that only children aged 13 or over can confirm consent when it comes to collection and use of their data. If they’re under 13, then that consent must be provided by an adult who has parental responsibility for that child. You also need to make an effort to confirm that the person giving that consent does actually have parental responsibility.
- Use videos. Videos can be a great way to explain to children why you’re collecting data and what you plan on doing with it. Children may be more likely to listen to an explanation on video rather than reading an entire policy, regardless of how age-appropriate the language is.
- Two policy plans. Where you’re seeking parental consent for the child to use your website, you should have two separate privacy policies: one aimed at the holder of parental responsibility and one aimed at the child themselves.
Be sure that they’re up to date when it comes to any laws and regulations that govern digital processes. Digital privacy laws can be at state or country level, regional (as in the case of the EU’s GDPR), or global.
Ask any prospective contract lawyer how knowledgeable they are in this area. Always remember that if you trade internationally or globally, then the laws of any areas you do trade in will be important to know.
This isn’t a simple yes or no question. It’s going to depend on a variety of factors as to whether you will want to consult lawyers.
Bigger organizations may want more complex privacy policies that fully protect them from any possible disputes. However, larger businesses are also more likely to have in-house legal counsel or to retain the services of an external law firm.
That said, smaller businesses may want to avoid the cost and use the various guides (such as this one) and free templates available online.
It may be advisable to have your policy reviewed by a specialist lawyer to ensure that it does in fact meet all the legal requirements it has to.
If you’re looking for the best tools to manage multiple WordPress sites efficiently while ensuring compliance with privacy policies, there are third-party plugins and services that offer comprehensive features like automatic updates, centralized dashboard, security monitoring, and more.
This is hopefully a scenario you’ll never encounter, but if your policy does, for whatever reason, fall short of meeting every legal requirement, then there is the possibility of a dispute arising at some point.
As these can be costly, both in terms of punitive damages to the user and fines from the relevant regulatory bodies, you should be looking for expert legal advice to fight your corner.
More data is collected and used in more ways than ever before. That means you have both a legal and moral responsibility to ensure that your users are fully informed of how you collect, use, store, and protect their data.
Obtaining consent is crucial as it allows you to collect and use appropriate data in various ways.