→ Questions? 1-800-963-2902 | Contact Us | About Us | Blog | Home

Your Free Privacy Policy Could Be Costly

James Chiodo, Certified Information Privacy Professional CIPP/US

Your website privacy policy is essentially a legal contract between you and your visitors and customers. Although not exactly like a traditional contract, you are still accountable for the statements and promises contained in your privacy policy, especially if you do not live up to the promises you make.

Also, there are specific disclosures required by law that need to be included in your privacy policy.

When website and blog owners tell visitors and consumers they will safeguard their personal information as outlined in their privacy policy, the FTC will take legal action to make sure the  owners live up to their promises in their privacy policies. This includes charging website and blog owners with violating Section 5 of the FTC Act that prohibits unfair and deceptive practices in commerce.

If that is not enough to get you to reconsider using a free privacy policy template, the FTC has 33 other rules and laws that give the FTC power to safeguard the privacy of consumers. Your privacy policy will either help protect you, or get you into legal trouble depending on how it is drafted and your adherence to the promises and provisions contained within it.

This brings us to the free privacy policies that are given away on the Internet ……

To be fair to the websites offering a free privacy policy that we may have missed, we could not check or find every possible website on the Internet that was giving away a free privacy policy. However, we did check 10 different websites.

As of the date of this post, we have not seen any of the free privacy policies offered on the Internet that comply with the current laws. And worse, some of the wording in these privacy policies are potential legal land mines.

Our opinion after researching 10 different websites that offered a free privacy policy is this:

1.  Not one of the free privacy policies offered complied with Internet privacy laws.

2.  Although we listed our address as living in California, none of the free privacy policy templates mentioned, referenced or complied with California’s “Do Not Track Law.” Even more surprising is that one of the websites giving away a free privacy policy was a law firm located in California.

3.  A well-drafted provision describing the treatment of customer’s credit card information was nonexistent with almost all of the policies we looked at.

4.  Most had no provision for (children.)

5.  Most lacked a detailed provision explaining what type of information the website or blog collected and how it is used.

6. None of the free privacy policies and provisions for Google Analytics, AdSense or remarketing.

FTC says to honor your privacy promises.
The FTC has taken legal action against many companies that claimed to protect the privacy or security of its visitors or customer’s information, but didn’t live up to their promises when operating their websites and blogs. The FTC also has taken legal action against companies that made wide-ranging statements included in their privacy policies, but then failed to disclose the degree to which they collected or shared information with others.

Troublesome Provisions
Here are just a couple of provisions in the free privacy policies that could be the grounds for FTC legal action or possible lawsuits from visitors or customers if their website or blog was hacked or other situations occurred where personal information was accidentally divulged to other parties or made public:

1.  We shall strive and shall take every precaution to preserve adequate physical, procedural and technical security with respect to its offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure of the user’ personal information.

2.  We adopt correct data collection, storage and processing practices and security measures to protect against unauthorized access, change, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Under the law, you have to take reasonable steps to keep important information secure.  At the minimum, you have to comply with the privacy assurances you make to your visitors or customers.  However, making statements or implying that a visitor or customer’s information will always be secure is increasing your risk for legal action against you.

Here is part of a provision provided in our attorney-drafted privacy policy that tells visitors and customers the steps we take to protect their information. Notice there are no implied or stated guarantees their information will remain secure and we go to the extent of saying “we cannot fully guarantee against such loss or misuse of information.

We have taken steps to build our Website using sophisticated encryption and authentication tools to protect the security of your PII.   When we collect your PII through our Website, we will encrypt your PII before it travels over the Internet using industry standards as establishing for conducting secure online transactions.

We also use industry standard technologies such as secure routers and fire walls to make sure that your PII is safe.  Unfortunately, we cannot fully guarantee secure data transmission over the Internet because of its nature. 

Once we receive your PII, we have industry standard security measures in place to protect against the loss or misuse of your PII, though again, we cannot fully guarantee against such loss or misuse.

The few dollars you save by downloading and using a free privacy policy template from the Internet could be costly in the long-run. A poorly drafted privacy policy may do far more harm than not having one at all.

Click here to see our attorney drafted privacy policy that will help you comply with state, federal, and international laws.

GDPR Takes Effect on May 25, 2018. Are You Ready?➞ Learn More