by Suzette Corley, Privacy Paralegal
What is a privacy notice?
Unlike privacy policies, which are used internally, a company’s privacy notice is directed externally and explains how an organization handles any customer, client or employee information gathered to operate its business. A privacy notice also serves as legal notice to the public and states how customer personal information is used. For example, Facebook provides a “Privacy Notice” to users and makes it available in the “privacy” tab. A law firm may provide its privacy notice to clients in the form of an engagement letter or as an e-mail signature. Websites will often provide a link to their privacy notice in the footer of each page.
Does the law require a business to have a privacy notice?
Although almost every organization can benefit from a privacy notice, in the U.S. only two types of organizations are required to have one: the banking industry, which is regulated by Gramm-Leach-Bliley/Federal Trade Commission (FTC), and the medical industry, which is regulated by the U.S. Department of Human Services under HIPAA laws. If you’re in the U.S. and don’t fall into either of these categories, you’re not required to have a privacy notice—with one notable exception. If your company is located in California, the CAN SPAM dictates very specific privacy laws that require companies to have a privacy notice.
Is it a good idea for my business to have a privacy notice?
While not required for unregulated industries, most businesses choose to maintain a privacy notice at some minimal level. With increasing consumer concern over privacy and data collection, having one in place can help with prospective marketing and customer retention. By maintaining a privacy notice, you’re showing your customers you care about their information and are being transparent about what you do with that information.
Ultimately, the question of whether your company should have a privacy notice comes down to whether you collect any personal data on the customer. Many businesses collect some sort of sensitive information on their customers, such as email, cookies, subscription information, credit card payment information, IP addresses, or demographics. If your company collects this type of data, it most certainly should have a privacy notice. If it doesn’t, you’ll need to decide what’s in your best interest.
How do I draft a privacy notice?
First, ensure your policy does:
- Identify what you’re collecting
- Disclose whether you’re sharing the information with third parties
- Tell customers what you’re storing
- Provide a way for customers to communicate with you. This is imperative.
- Give customers an opt-out opportunity
Need assistance with your privacy notice?
Whether you need to draft a new privacy notice or amend an existing one, remember these best practices:
- A privacy notice should be easy to find; most companies place the notice in the footer of their website.
- Follow the notice. If you put it out there, make sure you have procedures in place to do what your notice says it does.
- Only collect what you absolutely need.