The risks of not having a Privacy Policy
If you use the Internet, odds are that you have seen an “I agree to the Privacy Policy” checkbox, a Privacy Policy link in the footer of a website or one of those cookie popups. It is hard to find a website that doesn’t have one of these. You may be questioning whether your website needs one. And I mean really needs one? What is all the fuss about? What is actually going to happen if you don’t get one? In this post, we will explore the risks of not having a Privacy Policy so that you can make an educated and informed decision for yourself.
Risk #1: breaking the law and getting fined
While the protection of sensitive data such as health information is certainly nothing new, the protection of personal information online has only gotten serious in the last few years. Currently, there are four privacy laws in the European Union and the United States that protect the privacy of people online. These laws require certain businesses that collect personal information on their websites to have a Privacy Policy:
- European Union’s General Data Protection Regulation (GDPR);
- The California Online Privacy Protection Act (CalOPPA);
- The California Consumer Privacy Act (CCPA); and
- Nevada’s Revised Statutes Chapter 603A and SB220.
To be clear, these laws apply to websites that collect personal information such as name, email and phone number. Think of your website, do you have a contact form or an email newsletter sign up form? If so, these laws may apply to you. What if you are not located in the European Union, Nevada or California? These laws have been enacted to protect the privacy rights of the consumers of those states and countries, not the businesses. This means that these laws reach far beyond the geographical area you would expect. If you transact with consumers, advertise, receive inquiries or have remote staff in these places, you may be subject to those privacy laws. To learn more, read about what laws require websites to have a Privacy Policy.
Let’s say that one of these laws applies to you. So what? Well, these privacy laws impose heavy penalties for non-compliance. Fines can range from $2,500 per violation (per website visitor) to €20,000,000. While the news only features high-profile companies such as Google or Facebook being fined, the truth is that much smaller companies are also getting into trouble. In fact, there are new fines imposed nearly every week and for even the smallest of violations, such as infringing upon the privacy rights of one person. You don’t need to have millions of customers for fines to apply to you. Another tool that draws on data from official sources around Europe, and displays them on the dashboard that you can seen here:
And, if that’s not enough, currently, there are nine other states that have proposed their own privacy bills. In fact, some of these bills would allow consumers to sue businesses directly for not having a compliant Privacy Policy. While the requirements of each bill are slightly different, they all require websites that collect personal information to have a Privacy Policy that is compliant and they all would impose high penalties for violations.
Risk #2: losing the trust of your customers
In a study conducted by IBM, 89% of consumers said that companies should be more clear about how their products use data. Furthermore, 81% of consumers said that in the past year, they have become more concerned with how companies use their data. While we can all rightfully blame Facebook and Cambridge Analytica for this new-found concern, the truth is that consumers feel this way about all data collection by all companies. Consumers want to see their privacy rights being respected. Failing to assuage these fears by not having a Privacy Policy leads to a loss of trust. We are all consumers so ask yourself: if you could choose between a company that respects your rights and one who does not, which one would you choose? Don’t make your customers choose your competitor over a Privacy Policy - get one and put this concern to rest.
Risk #3: delays in your sales cycle
Cisco performed a study that found that 65% of businesses experienced delays in their sales cycles due to privacy concerns. The average delay of the sales cycle was 7.8 weeks. Furthermore, privacy maturity correlated with the likelihood and costs of data breaches. By not having a Privacy Policy, you risk a delay in closing deals and making sales, which no small business wants.
It is clear that not having a Privacy Policy on your website if you collect personal information can be risky. You could be breaking the law, which can lead to fines, you can lose the trust of your customers and you can experience significant delays in your sales cycle. I hope that this blog post has helped you make an informed decision about your Privacy Policy and that you choose not to take the risk.
Read More
Additional blog posts
