Frequently Asked Questions about Privacy Policies

Why Do I Need A Privacy Policy On My Website?

With the rise of piracy and hacking, interest in online security is at an all-time high. A privacy policy is a disclosure document, which explicitly states how you will collect and use data from your users. There are various regulations that place added restrictions on data being collected from children, collecting data in the health or finance fields, or if you’re operating across nation-states. 


How Often Should I Update My Privacy Policy?

You must always keep your privacy policy up-to-date with any use of user data that you may have. The privacy policy must remain accurate over time, so if you’re integrating a new 3rd party feature, you will most likely need to update your privacy policy (unless the policy waives the right for data to be collected by any and all 3rd party companies). If you are planning to update your privacy policy, make sure that you are not using data collected under the earlier policy without getting the express permission from those users.


What Do I Need To Include In My Privacy Policy?

  • Information Collection and Use of Data – This is the most important section of the privacy policy. This section tells users what type of personal information your website will collect and how you use that information. This must disclaim ALL collections of data and ALL uses of said data (otherwise, you open yourself up to liabilities).
  • Log Data – This section informs your users about the data that is collected automatically from the web browsers or servers that your website is using (for example: IP addresses, browser types, browser versions, etc. may all be collected). This is important, because although you are not personally collecting or handling the data, it is still being collected through your website, therefore making you liable. 
  • Cookies – This section state whether or not you intend to store cookies (most likely, the answers is, ‘yes’). This section will also disclose if you’re using third party software such as Google Analytics to collect data from your user.
  • Choice – This section tells the users about what options they have regarding how the data is collected and used. This is a good section to add if you plan on offering a customizable ‘security’ page.
  • Links to Other Sites – This section discloses that there may be links on your site, which takes the users to web sites that are outside of your control or ownership. This is important for forums, blogs, or any other websites where hyperlinks may be used abundantly.
  • Age-related Restrictions of Use – This section sets forth the expectations for users’ age (this especially important – as collecting data from kids under 13 years old is heavily regulated). This section will also include whether or not parental supervision is required to use your website.
  • Enforcement – This section includes what actions your users can take against you if the privacy policy is not followed properly.
  • Updates – This section explicitly states how policy changes will be communicated to the users. It is important to follow a rigid routine for updates and to never stray from what is outlined within this provision.


Can I Just Copy Another Website’s Privacy Policy And Be Okay?

The short answer is no. Due to the differences in third party software, the data collected, and how the data is used from Website to Website, you will not be able to copy and paste another website’s privacy policy and use it as your own. That being said, you may be able to make due by copying some aspects of the privacy policy and make it unique for your website. Further, many websites explicitly forbid the copying their Website’s privacy policy within their terms and conditions as well. However, some copying is fine (for the most part), but you want to make sure that you’re tailoring the privacy policy to the specificities of your website. Whether or not you choose to go this route, you should ALWAYS have the document reviewed by a licensed attorney. Without having an attorney review the documents opens you up to liabilities that you probably otherwise wouldn’t notice.


BBB sample privacy policy


Example of change log:

Change log:

  • September 18, 2013:  Added that blog commenter email addresses are disclosed to administrators of the blog where the comment was left.
  • February 1, 2011: Clarified subpoena language and added Business Transfers paragraph
  • January 3, 2011: Added court order and subpoena clarification
  • July 1, 2010: Revised paragraph about IP addresses to explain when they are collected and that commenter IPs are visible to blog administrators
  • October 29, 2009: Added Comments paragraph to explain Akismet comment storage policy
  • March 10, 2009: Added Ads paragraph to alert users that ads from third parties may use cookies
  • February 18, 2015: Updated Creative Commons license from 2.5 to 4.0


If you found this helpful, be sure to read our Business Checklist article. 

Need advice?
Revised: April 6, 2016, 8:43 p.m.
Return to blog