Short answer-Yes.
It’s a typical story for a new business: step one in forming a new company is to name the company. In this modern era, choosing a name requires that you check what domain names are available and secure your digital presence. From the first day of your company you’ll probably be thinking about finding and converting customers using your website. But as you begin to engage with your public, you should also consider the consequences of your communications.
How do I adopt a privacy policy?
One consideration is the adoption of a privacy policy. A privacy policy can be as simple or as complex as you need, can reduce your liability, and may be required by law. Governor Edmund G. (“Jerry”) Brown recently signed a bill in California that goes into effect January 2014 requiring a privacy policy, so if you are doing business and seeking customers in California through your website (isn’t everyone?) you must have a privacy policy conspicuously available which discloses:
- What types of personal information is collected by the website;
- What types of third parties will share information collected on the website;
- How users may review and request changes to the personal information stored by the website operator (if available);
- How users will be notified of changes to the policy; and
- When the policy is effective.
Even if you do not operate in California, the California law may be a glimpse of the future – and there are other reasons to adopt a policy. Even if your only interaction with website visitors is a “contact us” form, your website may capture cookies and other information. Put yourself in the customer’s position: if someone is taking notes about what you were doing as you visited the website and sharing those notes with others, wouldn’t you want to know? A privacy policy is a discussion between you and your customers about how you will treat their information. It is also an opportunity to disclaim your liability for certain harms.
Whether maliciously or accidentally, data breaches do occur. Many people starting a business feel they have higher priority concerns than data security, but it should be on the list. Practically speaking, adding a privacy policy is a small first step in what should be a thorough audit of data sources, maintenance and security practices, and use policies.
About the Author: Leigh Gill
Email: leigh.gill@immixlaw.com | Direct: (503) 802-5542
Having worked as a business analyst, project manager and consultant, Leigh’s desire is to understand the business need and apply effective real-world solutions to solve business problems.
[hr]