What is a Privacy Policy?

If you’ve ever visited a website, especially the website of a major business, you may have noticed a link somewhere on the page, usually in the footer, labeled “privacy” or “privacy policy.” This usually links to the site’s privacy policy.

What is a Privacy Policy?

A privacy policy is an agreement between a company and the users or visitors of the company’s website about how it will collect, use, process, and share information from visitors. It should contain information about how a consumer can control their privacy preferences, including an option to opt out of providing information.

Are You Required to Have a Privacy Policy?

If you operate a website that collects “personally identifiable information” from California consumers, your website must have a privacy policy. Personally identifiable information includes someone’s

  • name,

  • email address,

  • phone number,

  • social security number, or

  • any other information that makes it possible for that person to be contacted in person or online.

If you collect information from anyone under 13 or if you collect sensitive information, such as health information, you have to take additional steps before collecting that information.

How are Privacy Laws Enforced?

California has enacted the California Online Privacy Protection Act of 2013 (“Cal-OPPA”) to protect the privacy of California consumers. In the United States, the Federal Trade Commission (“FTC”) uses its enforcement powers to protect the privacy of U.S. consumers.

Compared to the European Union (“EU”), the framework for privacy protection in the United States is rather patchy. The EU is very serious about protecting the privacy of its consumers and has a comprehensive and strict approach to privacy protection. If your company collects information from EU consumers, your company is also required to abide by EU laws.

How to Ensure Your Privacy Policy Doesn't Get You in Trouble

Having a privacy policy isn’t enough to demonstrate compliance with privacy laws. You must abide by your own privacy policy. The FTC has taken enforcement actions against companies that do not comply with their own privacy policies.

To ensure your privacy policy meets the needs of your company, it has to be specifically tailored to your business. Taking someone else’s privacy policy and using it as your own is a bad idea because it’s unlikely that your business is exactly the same as someone else’s and it’s also unlikely that you collect and process information in the same way.

Remember that your privacy policy is an agreement between your company and anyone who visits your site. When you make this agreement, you are promising anyone who visits your site that you will live up to your end of the deal and do the things you promise you will do. If you don’t live up to your promises, you can be sued by the FTC, the California government, EU enforcement authorities, and private parties.


This article is provided for informational purposes only and should not be construed as legal advice.