On behalf of Sayer Regan & Thayer of Sayer Regan & Thayer, LLP posted on Thursday, September 1, 2022.

Whether you are a brand new business or you are creating a new website for an existing company, it’s wise to incorporate a privacy statement. Also known as a privacy policy, a privacy statement details your website’s data collection and usage practices, generally explaining the type of information your website collects, how it is used, and whether it will be shared or sold.

In answer to the title’s question: yes, your website needs a privacy statement if it collects personal information from users.

Privacy Policy: Breaking it Down

A privacy policy is a legal agreement telling visitors what types of personal information you will gather from them, how you will use that information, and how you will safeguard it.

Personal information examples may include:

• Names
• Dates of birth
• Phone numbers
• Email addresses
• Billing and shipping addresses
• Banking details
• Social security numbers

In general, a privacy policy should cover:

• Type of information collected by the app or website
• Why the data is being collected
• Data storage, access and security
• Details of data transfers
• Affiliated organizations or websites
• Use of cookies
• Text message data
• Usage and analytics data
• Effective date
• Data subject rights
• Policy updates

All websites collect and interact with data gleaned from their visitors in some way – especially in the case of e-commerce stores. In addition to personal information like above, these sites also collect IP addresses, payment details and session activity.

But no matter what kind of business you own, a privacy policy is a critical inclusion because it protects both the website owner and the customer while making sure your website is in compliance with legal obligations.

There is no federal law designating nation-wide rules regarding privacy policies, but many states have their own privacy policy rules. While there is no comprehensive privacy law in Rhode Island currently, the right to privacy is covered by Rhode Island statute. But you should be aware of other states in which you may have a business nexus may have their own internet privacy laws. For example, California has strict privacy policies in place under the California Online Privacy Protection Act (CalOPPA).

Creating a Privacy Policy

Just like for wills and other legal documents, there are templates online that you can download and use for free. However, again just like wills, it’s not advisable to create your own privacy policy because you could run into legal ramifications later on. It’s best to have a lawyer create your privacy statement to ensure it includes information pertinent to your specific business and that it complies with local laws.

In the end, it all depends on what kind of business you have. Let’s say you post a small personal blog that only collects email addresses so you can send readers a monthly newsletter. You don’t exactly need a lawyer to create the policy in this instance, although it’s advisable. However, if you run an e-commerce site shipping custom t-shirts to clients all over the world, legal assistance is a must because your privacy policy will be more complex.

However, even with the smallest of websites, you could be gathering information about users and not even realizing it, which is why it’s good to be covered by a privacy policy in any event. If you take customer inquiries via email, social media or contact forms, or you maintain a mailing list, you could still be on the hook for data protection law violations.

While you could conceivably craft your own privacy policy, it’s best to hire a business lawyer who is well-versed in data protection laws and regulations. This will protect your best interests and make sure the statement is legal and correct. When deciding if you need a lawyer to create a privacy policy, ask yourself:

• Does my site collect large amounts of personal information from users?
• Does my site have an ecommerce component?
• Do my users hail from multiple countries and/or legal jurisdictions?
• Does my site transfer data to/from third parties?

In general, the more personal data you collect and the more far-reaching your user base is, the more complicated your privacy policy will be.

Contact Sayer Regan & Thayer for Business Legal Services

Still not sure if you need a lawyer for your website’s privacy policy? For your free, no-obligation consultation regarding the creation of privacy statements for websites, or to address violations of said privacy statements, contact us today.

These materials have been prepared by SRT for informational purposes only and are not intended and should not be construed as legal advice.