A beautifully crafted website not only showcases your business and passion but also brings in leads. That’s why most websites include a contact form, so that you can get in touch with the people who appreciate your work and passion and want to buy from you. A contact form is usually a page that requests some information from the user, such as name, email and phone number. Below is a great example of a simple and effective contact form.

Unfortunately, what most business owners do not realize is that having a contact form subjects you to certain privacy laws and therefore requires you to have a compliant Privacy Policy. In this blog post, we will: 

  • Show you why your website needs a Privacy Policy;
  • Explain which laws apply to most websites; and
  • Recommend an easy-to-implement solution that will get you compliant.

While all of the new privacy laws and proposed bills can be a bit confusing, a few important principles can help you navigate the current regulatory landscape. 

Why your website needs a Privacy Policy

Since most websites have a contact form, we will assume that yours does too. A contact form collects information such as name, email and phone number. All of this information is defined as “personally identifiable information” as it can be used to identify someone.

While the use of PII was a wild west in the past, it is now clear that consumers are more interested than ever before in the privacy of the information they share online.

Due to consumer interest and some unfortunate data abuses in the past (think Facebook and Cambridge Analytica), states and governments have been proposing and passing new privacy laws that would protect PII.

What you need to know

If you are collecting PII on your website, you probably need a Privacy Policy.

What laws require you to have a Privacy Policy?

Currently, there are four laws that require Privacy Policies: 

1. General Data Protection Regulation: this European Union law requires all companies located in the European Union that collect PII to have a Privacy Policy. If you are not located in the EU, the law applies to you if: 

    1. You offer goods or services to EU residents; 
    2. You monitor the behavior of EU residents; or 
    3. You process and hold the data of EU residents.

2. California Online Privacy Protection Act: this law applies to you if you collect the PII of California residents on your website. 

3. California Consumer Privacy Act: this law applies to you if you do business in California and you:

    1. Have annual gross revenues of over $250,000,000; 
    2. Annually buy, receive, sell or share the personal information of 50,000 or more California residents, households or devices; or 
    3. Derive 50% or more of your annual revenue from selling the personal information of California residents.

4. Nevada Chapter 603A/SB220: this law applies to you if you: 

    1. Collect the PII of Nevada residents; 
    2. Purposefully direct your activities to Nevada, enter into transactions with Nevada consumers or conduct business in Nevada.

If you are not located in California or Nevada, your first instinct may be that these laws do not apply to you and thus you do not need to worry about them. Let me ask you this question: when you go online to search for whatever it is that you need, do you only visit the websites in your state? Usually, people search by what they need and not by location. So, unless you offer hyper-local services, it is possible that the laws of other states would apply to your website.

Furthermore, there are over ten other states that have proposed their own privacy bills that would require you to change your Privacy Policy to conform to their requirements. These bills would impose hefty fines for non-compliance. 

What you need to know

The privacy laws of other states and governments may apply to your website and require you to have a Privacy Policy.

Privacy Policy Solution

It is clear that if your website collects PII via a contact form, you need to have a Privacy Policy that is compliant with existing law. You also need to update your policy whenever the laws change so that you stay compliant. We hope that you check out Termageddon, an affordable solution for generating Privacy Policies that automatically updates your policies whenever the laws change. Contact us if you are interested in signing up!

Click here to see a great example of Termageddon in action!

Donata Kalnenaite, Esq., CIPP
Owner and Co-Founder
