You have a business.  You have a business website. Do you really need to have a Privacy Policy posted on your website?

Most likely, the answer is increasingly “YES!”

Not only because having a Privacy Policy is the right thing to do (like having insurance), but also because it is increasingly required by recent laws passed that apply to websites which collect personal information.

And by “personal information”, we mean things as simple and seemingly innocuous as the name and email address that your visitors enter into your opt-in form or Contact form on your website!

General Data Protection Regulation (GDPR)

Everyone’s favorite nanny state, the European Union, added tremendous momentum to an already rolling snowball when it legislated GDPR, a requirement obligating websites ANYWHERE IN THE WORLD to obtain explicit consent from users residing in any of the EU member countries, prior to collecting their data in virtually any form (including computer cookies and tracking information).

Consent can be given in a written or electronic manner. The request for consent must be intelligible, easily accessible, and use clear and plain language.

By “request for consent”, GDPR means a Privacy Policy.

GDPR applies to you if:

  • You are located in a member country of the European Union;
  • You offer goods or services to residents of any European Union country, regardless of your location;
  • You monitor the behavior of residents of any European Union country, regardless of your location; or
  • You process and  hold the personal data of the residents of any European Union country, regardless of your location.

If the above applies to you then you are required to have a Privacy Policy, or you will face trans-national prosecution, as well as substantial fines and penalties.

California Online Privacy Protection Act of 2003 (CalOPPA)

CalOPPA requires the proprietors of commercial websites to have a Privacy Policy. This law applies to operators of commercial websites and online services that collect “personally identifiable information” about consumers who reside in the State of California, who use or visit such a commercial website, regardless of where that website or its operator is located.

Also, this law does not have a revenue requirement, meaning that it can be applied to small businesses as well as large ones.

California Consumer Protection Act (CCPA)

The CCPA is a new California law that went into effect on January 1, 2019. This law also requires the website owner to have a Privacy Policy that includes a description of the consumer’s rights pursuant to the law and a link to the “Do Not Sell My Personal Information” web page.

The CCPA is a little more limiting in that it is specifically applied to businesses with annual gross revenues exceeding $250 million, or which annually buys, receives, sells or shares the personal information of 50,000 or more California residents, households or devices, or derives 50% or more of its annual revenue from selling the personal information of California residents.

Again, the CCPA does not distinguish as to where the business or website is actually located, but rather where the consumers or users of the website are located.

If the CCPA applies to you, you will need to have a compliant Privacy Policy and be prepared for enforcement as soon as July 1, 2020.

Nevada Privacy Law

The Nevada Privacy law (Chapter 603A of the Nevada Revised Statutes) requires at least some websites to have a Privacy Policy. The law was recently amended (SB220) to require disclosure of whether the personal information of Nevada residents will be sold, and the disclosure of a request address through which a user may submit a request prohibiting the sale of their personal information.

The Nevada law and its amendment applies to “operators” which is defined as any person who:

  • Owns and operates a website or online service for business purposes;
  • Collects and maintains the personal information of consumers who reside in Nevada and who use or visit the Internet website or online service; and
  • Purposefully directs its activities toward Nevada, consummates a transaction with the state of Nevada or a resident of Nevada, purposefully avails itself of the privilege of conducting activities in Nevada, or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the requirements of the U.S. Constitution.

Once again, the Nevada law does not require your business to be physically located in Nevada for it to apply. The law also does not have a revenue requirement, meaning that it can be applied to small businesses as well as large.

These four laws are just the ones that are in place right now or which are going into effect very soon.

The fact is that there are more laws coming. Over a dozen states have proposed new privacy laws that will require businesses and websites to have a privacy policy and specified disclosures.

These new laws will undoubtedly impose additional and possibly even contradictory requirements, with heavy penalties for non-compliance. Even if you have your own attorney draft a Privacy Policy that is valid in your state, most attorneys do not have the resources to constantly track the changes across all 50 states, plus overseas.

This makes a Privacy Policy service such as a good choice for website peace of mind. Not only will they provide a Privacy Policy, Terms of Service, and Disclaimer statement customized for your business and compliant with all current laws, they will automatically update the text of your policy to keep you up to date and in compliance with the latest legal changes.

Termageddon’s Privacy Policies are also provided as an add-on to Breckshire’s own website Care Plans, for a fully worry-free website for your business!


About the Author:  Donata Kalnenaite is a licensed attorney (Illinois) and certified information privacy professional, and is the President of Termageddon. She holds courses for the Illinois State Bar Association on the General Data Protection Regulation, as well as teaching other attorneys on the importance of privacy and what Privacy Policies should contain.


About Chris B. Nelson-Jeffers

Chris Nelson-Jeffers is a leading online marketing expert working with select businesses, organizations, and professionals in the Wausau, Wisconsin area to optimize and expand their online presence so they can increase sales and grow their business. Contact Chris today to learn how you can leverage modern digital marketing practices to grow YOUR business!

Visit My Website
View All Posts