Beebe Law PLLC
Copyright 2012 - 2023, Beebe Law, PLLC. All Rights Reserved.
People often use the terms "Privacy Notice" and "Privacy Policy" synonymously, especially when referring to statements on a company website. However, the International Association of Privacy Professionals ("IAPP") explains the term "Privacy Policy" to refer to the internal organization statement of the policies designed to communicate what practices to follow to those inside the organization, and "Privacy Notice" for external communications. In practice, however, "Privacy Policy" is often used to describe either. Beebe Law uses "Privacy Notice" on it's website for the public facing notice but for the purpose of this webpage, we will refer to the public facing information on a website as a "Privacy Policy."
A website/app Privacy Policy is the agreement that discloses your data privacy practices, how you handle your users' personal information/data, and if you share or otherwise sell any of the data. These agreements are often legally required by global privacy laws if you collect or use personal information, regardless of the platform used. Similarly, these agreements can be required even if you don't collect data but use third-party tools (like Google Analytics, etc.). Examples of such laws requiring Privacy Policies include EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA") and related California Privacy Rights Act ("CPRA"), all of which can impact Arizona entities depending on the nature of your business and customers. In fact, more and more states in the United States are enacting comprehensive data privacy laws that might reach outside of their states to Arizona businesses. Do you know if you are compliant with the ever changing laws?
This type of an agreement generally belongs on the following types of platforms:
Information privacy is concerned with establishing rules that govern the collection and handling of personal information and therefore understanding what constitutes "personal information" is incredibly important. Central to this point is learning what types of information can be linked to a particular person versus information that is merely obtained in the aggregate or statistical information. Here in the United States the terms "personal information" and "personally identifiable information" (often shortened to "PII") include information that makes it possible to identify an individual. Examples of personal information can include:
We know that it's tempting to get documents online - after all, free is a great price! The same goes for using ChatGPT to create yourself a legal document. However, those free forms aren't crafted with your particular business needs, goals, and risk tolerance in mind nor do they necessarily take into consideration the most recent regulations and laws that seem to change frequently. Furthermore, regulators and courts often treat your Privacy Policy as an enforceable promise made by the company to the users/customers. If you just snag a free document, or have ChatGPT draft it for you, and you don't understand the promises that are being made, you can find yourself in hot water legally speaking. Working with a privacy professional, or a lawyer that keeps up to date with the constant changes, provides you opportunity to have each clause explained to you so you know what your duties are, and helps prevent you falling out of compliance when the law changes - and they do change as technology evolves.
If you don't have a website Privacy Policy, or started with one of those generic free or low-cost forms, that's okay! Better late than never! If this is you, and you're ready to elevate your business reputation and protect your business by having us draft or otherwise review your existing Privacy Policy, contact us!
Not sure where else your website might need some TLC in order to help avoid legal liability? Contact us to inquire about having us prepare for you our multi-point Business Website Risk Audit Report which includes a section on website Privacy Policies. It's better to let us tell you ahead of time where you can improve so you can address issues now instead of waiting until an issue arises - because at that point, it's likely to cost you a lot more money to deal with. Trust us, being proactive is a lot better than being reactive!
Of course people read these things... Well, sometimes. Okay, maybe enough just to see that you are legit - and that, outside of protecting you, is what's important!