614.9445171
4200 Regent Street, Suite 200, Columbus, Ohio 43219
Schedule a Consultation
Business Attorney | Law Office of Maritza S. Nelson, LLC
  • Home
  • Who We Serve
  • Practice Areas and Fees
    • General Counsel Service
    • Business Law >
      • LLC Formation
      • LLC Operating Agreements
      • Close Corporation Formation
      • Corporate Bylaws
      • Close Corporation Agreements
      • Other Business Law Services
    • Business Contracts >
      • B2B Service Agreements
      • Contract Review and Advice
      • Customer Agreements
      • Financial Agreements
      • Joint Venture Agreements
      • Lease Agreements
      • Noncompete Agreements
      • Nondisclosure Agreements
      • Waiver and Release Agreements
      • Website Privacy Policies
      • Website Terms of Service
    • Business Sales >
      • Business Purchases and Sales
      • Letter of Intent
      • Purchase Agreements
      • Buy-Sell Agreements
      • Membership Interest Transfer Agreements
      • Business Succession & Disaster Planning
      • Business Dissolutions
    • Raising Money From Investors >
      • Private Placement Memorandums
      • Investment Agreements
    • Franchising and Business Opportunities >
      • Franchise Disclosure Documents
      • Franchise Agreements
      • Ohio Business Opportunity Plans
    • Nonprofit Law >
      • Nonprofit Formation
      • Co-op Formation
      • Tax Exempt Status
      • Nonprofit Governance
      • Nonprofit MOUs and Agreements
      • Nonprofit General Counsel Service
    • Intellectual Property >
      • Trademark Search
      • Trademark Registration
      • Trademark Maintenance
      • Copyright Registration
      • Work For Hire Agreement
      • Licensing Intellectual Property
      • Assigning Intellectual Property
      • Proprietary Information and Invention Assignment Agreements
      • Confidentiality Agreements
      • Intellectual Property Audit
    • Employment Law >
      • Employment Contracts
      • Employee Handbooks
      • Employment Policies
      • Independent Contractors
  • Adding Value
    • Legal Audit Checklist
    • Legal Dictionary
    • 7 Common Legal Mistakes
    • Succession and Emergency Planning Worksheet
    • Business Contracts: Review Checklist
    • Webinars >
      • HR 101: Managing the Growing Pains That Come With Growing Your Business
      • Hiring Independent Contractors
      • Legal Audit and Risk Assessment
      • Structuring a Social Enterprise
  • Bio
  • Blog
  • Scheduling
    • Prospective Client Scheduling
    • Existing and Former Client Scheduling
    • Networking Scheduling
  • Home
  • Who We Serve
  • Practice Areas and Fees
    • General Counsel Service
    • Business Law >
      • LLC Formation
      • LLC Operating Agreements
      • Close Corporation Formation
      • Corporate Bylaws
      • Close Corporation Agreements
      • Other Business Law Services
    • Business Contracts >
      • B2B Service Agreements
      • Contract Review and Advice
      • Customer Agreements
      • Financial Agreements
      • Joint Venture Agreements
      • Lease Agreements
      • Noncompete Agreements
      • Nondisclosure Agreements
      • Waiver and Release Agreements
      • Website Privacy Policies
      • Website Terms of Service
    • Business Sales >
      • Business Purchases and Sales
      • Letter of Intent
      • Purchase Agreements
      • Buy-Sell Agreements
      • Membership Interest Transfer Agreements
      • Business Succession & Disaster Planning
      • Business Dissolutions
    • Raising Money From Investors >
      • Private Placement Memorandums
      • Investment Agreements
    • Franchising and Business Opportunities >
      • Franchise Disclosure Documents
      • Franchise Agreements
      • Ohio Business Opportunity Plans
    • Nonprofit Law >
      • Nonprofit Formation
      • Co-op Formation
      • Tax Exempt Status
      • Nonprofit Governance
      • Nonprofit MOUs and Agreements
      • Nonprofit General Counsel Service
    • Intellectual Property >
      • Trademark Search
      • Trademark Registration
      • Trademark Maintenance
      • Copyright Registration
      • Work For Hire Agreement
      • Licensing Intellectual Property
      • Assigning Intellectual Property
      • Proprietary Information and Invention Assignment Agreements
      • Confidentiality Agreements
      • Intellectual Property Audit
    • Employment Law >
      • Employment Contracts
      • Employee Handbooks
      • Employment Policies
      • Independent Contractors
  • Adding Value
    • Legal Audit Checklist
    • Legal Dictionary
    • 7 Common Legal Mistakes
    • Succession and Emergency Planning Worksheet
    • Business Contracts: Review Checklist
    • Webinars >
      • HR 101: Managing the Growing Pains That Come With Growing Your Business
      • Hiring Independent Contractors
      • Legal Audit and Risk Assessment
      • Structuring a Social Enterprise
  • Bio
  • Blog
  • Scheduling
    • Prospective Client Scheduling
    • Existing and Former Client Scheduling
    • Networking Scheduling

Join our mailing list and receive our Legal Audit Checklist.

Check out our latest blog posts, webinars, and other valuable content.
Join the List

11/17/2020

1 Comment

Why Your Business Website Must Have a Privacy Policy

 
Picture
If your business has a web presence (and in the 21st century, you really should), then you probably need a privacy policy on your website. Several relatively recent laws require business websites to post a privacy policy, but these laws aren’t universal in their applicability, especially when it comes to small businesses. Complicating matters, this area of the law is developing and changing rapidly.

According to a recent survey, customers are not only starting to care about their online privacy, but they are also willing to take action to protect their privacy, even going so far as to switch businesses or service providers because of their privacy policies. This means your customers are increasingly likely to want to know what data they are giving up when they interact with your business and what your business is doing with all that data in the first place. In this post, we’ll talk about the legal requirements for your website privacy policy: What should be included in your privacy policy? What are some best practices for keeping your privacy policy up to date?
​
While Ohio has not passed any laws specifically requiring websites to post privacy policies, such laws have been passed in several other jurisdictions. And these laws typically apply even if your business isn’t located in that state or country.
Practice Note: Ohio law hasn’t addressed privacy policies yet, but Ohio’s Data Protection Act  does protect businesses from lawsuits if they take steps to protect the security and confidentiality of personal information, among other requirements.
The most common example of this is California’s Online Privacy Protection Act which requires websites and apps to post a privacy policy if they collect any personally identifiable information from California residents. Regardless of where your business is located and who your target customer is, unless you can be absolutely certain that you’ll never collect information from someone located in California, then this state law from across the country applies to your website. 
​
Under California law, your privacy policy must let visitors know what personally identifiable information your site collects and who you share that information with. The law doesn’t dictate what information you can or cannot collect or even what you can or cannot do with that information once you have it, but it does require that your business comply with whatever privacy policy you establish. 

Similarly, the European Union’s General Data Protection Regulation (GDPR) applies not only to businesses based in the EU, but also to businesses that offer goods or services to residents of the EU or that collect data from the EU. As we discuss below, most websites these days use third-party services to track website visitors. That alone potentially makes the GDPR applicable to your small business because an EU resident could stumble across your site, even if you aren’t specifically targeting the EU. So while the GDPR technically applies to almost every website in the world, (a) as a practical matter, it seems unlikely that regulators will be targeting small businesses that inadvertently obtain insignificant amounts of data, and (b) it does include an exemption to the more onerous record-keeping requirements for small businesses with less than 250 employees. 

The GDPR is a complex law with a lot of requirements. But most importantly for small businesses, it requires that you:
  1. be transparent about the data you collect,
  2. have a legitimate purpose for collecting that data,
  3. only collect as much data as is necessary for those purposes, and
  4. get specific, unambiguous consent for collecting and processing that data. This is a major reason why so many websites now have those annoying cookie notifications popping up everywhere. 

In addition to the patchwork of legal regulations requiring a privacy policy, the services you or your website designer may have built into your website also typically require the use of a privacy policy. For example, most websites rely on Google Analytics to try to understand how visitors find and interact with their website. When you signed up to use Google Analytics on your site, you agreed to their terms of service, which require the use of a privacy policy on your site. Other data analytics tools, third-party advertising services, your payment processor (if your business is involved in e-commerce), even the chat bot that interacts with your visitors, all typically require that your site post a privacy policy. 

What to include in your privacy policy

Privacy Policy
Your website’s privacy policy should let visitors to your site know:
  • What information your website collects about visitors
  • How that information is collected (i.e., through forms a visitor fills out, cookies that collect information automatically, etc.)
  • What you will do with that information once it’s in your possession
  • How you will keep that information safe
  • What information collection your visitors can opt-out of (and how that might impact their use of your site or services)
  • What third-party services you use to collect, process, or store information. (In addition, you should check the terms of services with those third-parties to make sure your privacy policy complies with their requirements.)  ​

​Best Practices for Drafting and Maintaining Your Website Privacy Policy

This is a messy area of the law that is only likely to get messier as the privacy debate continues. At this point, you might be thinking, “I’ll just copy a privacy policy from a website that seems similar to mine and call it a day.” But be careful! The law may not be clear about what your privacy practices should be, but it is clear that, at a minimum, your business must comply with the terms of whatever privacy policy you set. Failing to do so or misrepresenting what you do with consumers’ personal information is an unfair or deceptive trade practice. In other words, your business can face legal liability simply for failing to follow your own privacy policy.

​As your business practices change, your privacy policy should also be updated to reflect those changes. And because this is an evolving area of the law, your privacy policy should be reviewed periodically to ensure compliance with the changing regulatory landscape.

If you have questions or concerns about the legal requirements applicable to your website privacy policy:
Schedule a Consultation
1 Comment
Lynette Santoro-Au link
12/9/2020 03:14:00 pm

Hey Maritza, hoping you can help me with crafting this language for our website at ROY. We're launching e-commerce and want to be sure to cross our ts.

Reply

Your comment will be posted after it is approved.


Leave a Reply.

    Categories

    All
    Advertising Law
    Business Formation
    Business Law
    Confidentiality Agreements
    Contracts
    Copyright
    Corporation
    COVID 19
    COVID-19
    Employment Law
    Firm Announcements
    General Legal Advice
    Hiring An Attorney
    HR Policies
    Independent Contractors
    Intellectual Property
    Limited Liability Company (LLC)
    Motivation
    Non Profit
    Partnership
    Privacy Policy
    S Corp
    Small Business
    Social Enterprise
    Sole Proprietorship
    Trademarks
    Trade Secrets

    Archives

    March 2023
    January 2023
    December 2022
    September 2022
    August 2022
    June 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    August 2019
    July 2019
    May 2019
    December 2016
    July 2016
    June 2016
    February 2015
    October 2014
    September 2014
    August 2014
    July 2014

    RSS Feed

Services

General Counsel Service
Business Law
​
Business Contracts
Business Sales
Raising Money From Investors
Franchising and Business Opportunities
Non-Profit Law
Intellectual Property
Employment Law

About

Who We Serve
Bio​
Adding Value
Webinars
Blog
Contact
​Careers
​Scheduling

Legal

The information contained on this website is not legal advice or legal opinion and should not be relied upon. Furthermore, nothing contained in this website is intended to create or establish, and does not constitute, an attorney-client relationship. 

Fee Information
Document Retention Policy 
Privacy Policy
​Client Communications Policy

Subscribe to the mailing list to receive useful tips for entrepreneurs and business owners.
Join Mailing List
Copyright © 2014-2023. | 4200 Regent Street, Suite 200, Columbus, OH 43219 | 614.944.5171 | info@msnlawoffice.com
Photo used under Creative Commons from jseliger2