Skip to main content

Why you need a privacy policy

Posted in Content

A privacy policy lets your visitors know that you care about their privacy. If you collect their data in any way you’re obliged to tell them.

Here are some examples of how your site may be collecting information on your visitors’:

  • If you’re (very sensibly) monitoring activity on your site. This kind of thing is done with a tool such as Google Analytics and is a great way to inform improvements to your site
  • If you have a contact form on your site. What do you do with the information your visitors send you? Their names, email addresses, phone numbers are being entrusted to you, and the message they’re sending you may be confidential
  • Do you have a mailing list sign up on your site? If so, you need to tell your signer-uppers what you’ll be doing with their details
  • If you have a login area on your website. Your site needs to remember the visitor is logged in from one page to the next and this is done by setting a ‘cookie’ in their browser
  • If you take payments on your site you need to tell your customers what you’ll be doing with their personal details as well as how you’ll be storing their credit card information.
  • Social media ‘follow’ buttons, adverts and other third party widgets will track your visitors, and is something they should be made aware of

Collecting visitor info is normal

The list above is pretty standard. There’s nothing sinister going on and the overwhelming majority of websites will be doing at least one of those things, if not a few.

What if I don’t have a privacy policy?

A privacy policy is a legal, as well as moral, requirement. The Information Commissioner’s Office (ICO) is the government body that looks after all things privacy related and they’ve been involved in a good deal of website-related controversy in recent years…

Cookies

A few years ago there was a bit of a hoo-ha surrounding cookies on the web. A cookie is a snippet of code that a website sets in your web browser. Let’s use the members’ area login example from earlier:

  1. A member logs in on your site
  2. Your site sets a cookie in their browser that says ‘this person is logged in’
  3. When they navigate around the members’ area, it uses this cookie to keep them logged in
  4. If they log out the cookie will be amended so they can’t see the members-only pages any more

Useful stuff! Similarly, when someone visits your site, it’s likely that a cookie is set that tracks which pages they’re looking at, how long they’re on each page, etc.

Of course, cookies can be used to more intrusive ends, which is why the law was passed. But the law was rather heavy-handed… Here’s a great video that summarises things nicely:

And here’s the accompanying website.

It seems we’re legally required to get permission from our visitors to track their information.

So do I need a pop up?

A difficult question… Strictly speaking: yes. But it’s more complicated than that.

I’m no lawyer, so I don’t want to tell you not to. What I can say is that I don’t have a pop up that asks for permission to set cookies, or even one that simply informs the visitor I’m setting cookies. I do, however, have a privacy policy that’s accessible from every page of the site (in the footer).

Pop-ups are a horrible thing to inflict on users, and Google have recently blogged that they will penalise sites with pop ups.

So the choice is yours, but the minimum I’d recommend is that you have a privacy policy.

How do I get a privacy policy?

So we agree that a privacy policy is necessary. It’s the very least you need to be on your way to compliance with the ICO’s rules.

You could write your own policy. Or find someone else’s and amend it, but that all sounds like a lot of work. A quick web search will present you with a number of online tools that will generate a policy for you. All you have to do is fill out a questionnaire.

I’ve tried a few tools over the years and one of the best I’ve found is at PrivacyPolicies.com. There’s a small one-off fee if your website is for commercial use (and if it’s your business’s website, it’s commercial) but it’s well worth it for the effort it will save you.

Conclusion

A privacy policy is the bare minimum required by pretty much all website owners to not only reassure their visitors that they’re not doing anything untoward with their information, but to comply with the law.

Hire me

If you like what you’ve read and think we’d work well together, I’d love to hear from you.

Contact me now

More resources

Here are a couple more resources for you to enjoy. If that’s not enough, have a look at the full list.

  1. Alt text for CSS generated content

    There’s an interesting feature in Safari 17.4 that allows content added with CSS to have ‘alt’ text. I’m not sure how I feel about this.

  2. The accessibility conversations you want to be having

    In most companies, accessibility conversations centre around WCAG compliance, but that’s just the start. Thinking beyond that is where you want to be!