Your Free Privacy Policy Could Be Costly

James Chiodo, Certified Information Privacy Professional CIPP/US

Your website privacy policy is essentially a legal contract between you
and your visitors and
 customers. You can be held legally accountable for the statements and promises contained in your privacy policy, especially if you do not live up to the promises you make.

Also, there are specific disclosures required by law that need to be included in your website or mobile app privacy policy.

When website and mobile app owners tell visitors and consumers they will safeguard their personal information as outlined in their privacy policy, the FTC will take legal action to make sure the owners live up to their promises in their privacy policies. This includes charging website and mobile app owners with violating Section 5 of the FTC Act that prohibits unfair and deceptive practices in commerce.

If that is not enough to get you to reconsider using a free privacy policy template, the FTC has 33 other rules and laws that give the FTC power to safeguard the privacy of consumers. And the new General Data Protection Regulation (GDPR) will surely make your free privacy policy completely inadequate. Your privacy policy will either help protect you or get you into legal trouble depending on how it is drafted and your adherence to the promises and provisions contained within it.

This brings us to the free privacy policies that are given away on the Internet ……

To be fair to the websites offering a free privacy policy that we may have missed, we could not check or find every possible website on the Internet that was giving away a free privacy policy. However, we did check 14 different websites giving away a free privacy policy and several websites using free online generators to create a website privacy policy.

As of this post, we have not seen any of the free privacy policies offered on the Internet that comply with the current privacy laws. And worse, some of the wording in these privacy policies are potential legal landmines.

Our opinion after researching different websites that offered a free privacy policy is this:

1.  Not one of the free privacy policies offered complied with Internet privacy laws.

2.  Although we listed our address as living in California, none of the free privacy policy templates mentioned, referenced or complied with California’s “Do Not Track Law.” Even more surprising is that one of the websites giving away a free privacy policy was a law firm located in California.

3.  A well-drafted provision describing the treatment of customer’s credit card information was nonexistent with almost all of the policies we looked at.

4.  Most had no provision for (children.)

5.  Most lacked a detailed provision explaining what type of information they collected and how it is used.

6. None of the free privacy policies had provisions for the Google Analytics, AdSense or remarketing.

7. None of the free privacy policies had language to comply with the new General Data Protection Regulation (GDPR).

FTC says to honor your privacy promises.
The FTC has taken legal action against many companies that claimed to protect the privacy or security of its visitors or customer’s information but didn’t live up to their promises when operating their websites and mobile apps. The FTC also has taken legal action against companies that made wide-ranging statements in their privacy policy but then failed to disclose the degree to which they collected or shared information with others.

Troublesome Provisions
Here are just a couple of provisions in the free privacy policies that could be the grounds for FTC legal action or possible lawsuits from users or customers if their website was hacked or other situations occurred where personal information was accidentally divulged to other parties or made public:

1.  We shall strive and shall take every precaution to preserve adequate physical, procedural and technical security with respect to its offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, the disclosure of the user’ personal information.

2.  We adopt correct data collection, storage and processing practices and security measures to protect against unauthorized access, change, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Under the law, you have to take reasonable steps to keep personal information secure.  At the minimum, you have to comply with the privacy assurances you make to your visitors or customers.  However, making statements or implying that a visitor or customer’s personal information will always be secure will increase your legal liability.

Directly below is part of a provision in our attorney-drafted privacy policy that tells visitors and customers the steps we take to protect their information. Notice there are no implied or stated guarantees that their information will remain secure and we also go to the extent of saying “we cannot fully guarantee against such loss or misuse of information.

We have built our website using industry-standard security measures and authentication tools to protect the security of your personal data (PD). We and the third parties who provide services for us, also maintain technical and physical safeguards to protect your PD. When we collect your credit card information through our website, we will encrypt it before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately, we cannot guarantee against the loss or misuse of your PD or secure data transmission over the Internet because of its nature.

The few dollars you save by downloading and using a free privacy policy template from the Internet could be costly in the long-run. A poorly drafted privacy policy may do far more harm than not having one at all.

Click here to see our privacy policy that was drafted by a licensed attorney and Certified Information Privacy Professional to help you comply with global privacy laws.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More