A beautifully crafted website not only showcases your business and passion but also brings in leads for your business. That’s why most websites include a contact form so that potential customers can get in touch with your business to inquire about your products or services. A contact form usually requests some information from the user such as their name, email, and phone number.

If you transmit consumer data from your website using a form, you need to have a privacy policy in place to protect your business. Non-compliance may result in fines or penalties.

Unfortunately, what most business owners do not realize is that having a contact form subjects you to certain privacy laws and therefore requires you to have a compliant Privacy Policy. In this blog post, I will: 

• Show you why your website needs a Privacy Policy; 
• Inform you of what laws apply to most websites; and 
• Recommend you an easy to implement solution that will get you compliant.

While all of the new privacy laws and proposed bills can be a bit confusing, a few important principles can help you navigate the current regulatory landscape. 

Why your website needs a privacy policy

Since most websites have a contact form, we will assume that yours does too. A contact form collects information such as name, email and phone number. All of this information is defined as “personally identifiable information” as it can be used to identify someone. While the use of PII has been a wild west in the past, currently, it is clear that consumers are more interested in the privacy of the information they share online than ever before. Due to consumer interest and some unfortunate data abuses in the past (think Facebook and Cambridge Analytica), states and governments have been proposing and passing new privacy laws that would protect PII.

Here’s what you need to know: if you are collecting PII on your website, you probably need a Privacy Policy.

What laws require you to have a privacy policy?

Currently, there are four laws that require Privacy Policies: 

1. General Data Protection Regulation: this European Union law requires all companies located in the European Union that collect PII to have a Privacy Policy. If you are not located in the EU, the law applies to you if:
   1. You offer goods or services to EU residents;
   2. You monitor the behavior of EU residents; or
   3. You process and hold the data of EU residents.
2. California Online Privacy Protection Act: this law applies to you if you collect the PII of California residents on your website. 
3. California Consumer Privacy Act: this law applies to you if you do business in California and you:
   1. Have annual gross revenues of over $250,000,000;
   2. Annually buy, receive, sell or share the personal information of 50,000 or more California residents, households or devices; or
   3. Derive 50% or more of your annual revenue from selling the personal information of California residents.
4. Nevada Chapter 603A/SB220: this law applies to you if you:
   1. Collect the PII of Nevada residents; or
   2. Purposefully direct your activities to Nevada, enter into transactions with Nevada consumers or conduct business in Nevada.

If you are not located in California or Nevada, your first instinct may be that these laws do not apply to you and thus you do not need to worry about it. Let me ask you this question: when you go online to search for whatever it is that you need, do you only visit the websites in your state? Usually, people search by what they need and not by location. So, unless you offer hyper-local services, it is possible that the laws of other states would apply to your website. 

Furthermore, there are over ten other states that have proposed their own privacy bills that would require you to change your Privacy Policy to conform to their requirements. These bills would impose hefty fines for non-compliance. 

Here’s what you need to know: the privacy laws of other states and governments may apply to your website and require you to have a Privacy Policy. 

Privacy policy solution for your business

It is clear that if your website collects PII via a contact form, you need to have a Privacy Policy that is compliant with the existing law. You also need to update your policy whenever the laws change so that you stay compliant.

If you want to make sure your business stays compliant with privacy laws across the country, I recommend you check out Termageddon, an affordable solution to generating Privacy Policies that automatically updates your policies whenever the laws change.

Save 10% with promo code: JEREMY