If you’re starting any kind of company today, the answer is likely yes, you really do.
- California Online Privacy Protection Act
- Privacy Shield
- EU General Data Protection Regulation (effective May 2018)
- Children's Online Privacy Protection Rule
The FTC isn’t afraid of enforcing punishments for companies that violate consumers' privacy, regardless of size or prominence. They’ve taken action against many companies -- even ones as big as Google and Facebook -- for failing to properly disclose how they used their customer’s data.
They also usually outline your policy for storing customer data. How long you’re planning to store data is a big deal -- are you storing someone’s info in perpetuity, or do you promise to delete it after 90 days? Privacy policies typically inform users how long their data will stay in your possession.
Depending on where your company is located, you might also have to include where the data is being stored. Even if you’re not storing it yourself, you’d need to disclose the physical data center (e.g. an AWS US-East server in northern Virginia).
Finally, privacy policies often include the security policy you use to protect the data you’re collecting. This usually means an outline of the security measures taken to safeguard customer data by you, or the vendors you use. Here’s HubSpot’s security policy for reference.
When writing a policy, it should be clear and explicit so any user can understand it.
Again, we emphasize that you should consult with an attorney on what type of policy is best for your needs.
And Now, Some Legalese ...
This blog post has provided information about the law designed to help our readers better understand the legal issues surrounding internet marketing. But legal information is not the same as legal advice -- the application of law to an individual’s specific circumstances.
Although we have conducted research to better ensure that our information is accurate and useful, we insist that you consult a lawyer if you want professional assurance that our information, and your interpretation of it, is accurate.
To clarify further, you may not rely upon this information as legal advice, nor as a recommendation or endorsement of any particular legal understanding, and you should instead regard this article as intended for entertainment purposes only.
from Marketing https://blog.hubspot.com/marketing/you-need-a-privacy-policy