
Writing a Privacy Policy for Your Website

So, you’re launching a website and you’re down to that one elusive item on your to-do list: write a privacy policy. You sit down, pen in hand, ready to write your policy, and then you realize – how do you even begin?

What is a Privacy Policy?

A privacy policy is the written disclosure of the way you intend to use and reveal any personal information gathered from your site, including names, credit card details, addresses, phone numbers and more. It also includes any other technological data you may gather or store from your users, such as browsing habits and purchases. A privacy policy also covers the way you intend to observe visitors of your site and what you will do with that information.

You might pick the pen up again and think to yourself – do you really need to write all this information on your site? Does anyone read it anyway?

The short answer is yes, for two main reasons:

  • It is the law. While it is not the law everywhere, many countries including the U.S., Australia and the EU have already enacted legislation regarding the gathering of personal information online, and how you must outline your practices in a policy. Chances are, if you are dealing with Western countries, that there are privacy policy regulations that you must comply with.
  • It is good for business. Although it is the internet age, and people probably know you are going to gather their data, it is reasonable to let them know exactly what, how and when you are gathering, as well as how you are protecting their information. People are savvy, and given the choice will choose to work with online vendors and services that they can trust. When you run your business with transparency and integrity, you signal your trustworthiness to your visitors. That is worth everything to your name and reputation.

How Do You Start Your Policy?

There are two elements to this. First, you start by planning your policy. Map out what you are going to collect, with whom you will (or won’t) be sharing the information, and how you will secure the information you take. Then, write it down in a clear and readable way that is easily understandable to your site visitors.

Next, consider the ways you do business. What are the unique elements that apply to you? Does your site employ cookies? Will you ask for identifiable information from your users? Are you tracking their habits? Will you sell this information to someone else? For what purpose are you holding on to this information, and how will you use it? All these questions are central to deciding what issues should be covered by your privacy policy. Make sure that you run these issues by the different departments of your company to ensure that your IT team and marketing team are on board and doing what you say they are doing. As it’s prudent to err on the side of caution, it is usually wise to take only the information you require. Be conservative and considerate. Users may be willing to share their information for uses they understand, and may be put off by gratuitous grabs at their personal information.

How Do You Know If You Have Covered Everything?

You can only answer this question once you have complete and detailed answers to the questions above. It is probably a good idea to visit websites that provide similar services and learn about the different elements they cover.

Here are some elements you should note when crafting your policy:


Write your policy in clear, simple English. If your lawyer is crafting your policy (and it is recommended to consult a lawyer) clarify that you are looking for language that anyone can understand. Take a look at Ted’s simple policy. Try including answers to users’ questions that may come up – before they come up.


You may want to begin by explaining to your users why you are gathering and/or storing information and how it can be useful to them. Provide an example. Remember, your visitors may be frightened by online dangers. Explain, for example, that cookies are not harmful, not viruses and cannot steal information.


Explain exactly what information you are collecting. Provide details of whether you are collecting identifying information or anonymous data. Tell them if you will be employing cookies, etc. As clearly and accurately as possible, tell them what you will be doing with regard to the use and disclosure of their information.


You should explain, without too much technical detail:

  • How exactly you will be gathering this data (cookies, search lists, monitoring clicked links, etc.)
  • How you will store (or not store) the data once it is taken.
  • How you will secure their information.


Be specific regarding third parties that may have access to their information through you. Will you share information with affiliate partners, for example? Let them know. And let them know your third-party criteria: for example, you might only share with affiliate partners who meet certain minimum security requirements. Advise your users that you may need to follow legal directives and, if compelled by law, disclose information.


Make sure that the policy is easily accessible on the site. Don’t make them look for it.


Let them know that you will occasionally update the privacy policy, and when it was last updated. Let them know how you will notify them of changes to the policy.

Contact

  • Let your users know how they can contact you, and how they can opt out of communicating with you.
  • Tell them how they can verify and/or correct, change or remove personal information if they choose. Make sure there is an easy way for them to do this.


You may be thinking, “Why don’t I just cut and paste from another site and save this whole headache? Or maybe I should use one of the online privacy policy generators?”

Each privacy policy will reflect the footprint of your unique company. Using a policy generator will probably have you miss important, customized points relevant to your business. Copying from another website has the same downside, as well as exposing you to copyright infringement suits from the other company. In other words, the policy needs to be uniquely yours.

In the same vein, review your policy regularly and make sure it accurately reflects any changes you have made in doing business. Follow through on letting customers opt out at their request. Make sure that the data you store is indeed secure.

Your privacy policy and the actions you take around this issue are an important communication to your clientele about who you are and the way you do business. Treat it as such, and you will reap great benefits in the way your business is defined in the eyes of your public, and save yourself from legal trouble down the road.

The information presented is not legal advice, is not to be acted on as such, may not be current and is subject to change without notice.

2016-11-04T16:56:23+00:00 | June 13th, 2016 | Articles, Featured Article, Internet Law

About the Author:

Daniel Klein
Law & Business student at IDC Herzliya. In his free time, he enjoys reading and playing the piano.
