Why Your Website Needs a Privacy Policy


Privacy Policies are a common sight on numerous websites, and there are two key reasons for this. Firstly, legal regulations mandate Privacy Policies for the majority of modern websites, and not having one can result in fines and potential legal ramifications concerning privacy issues. Secondly, with consumers becoming more mindful about sharing their Personally Identifiable Information (PII) with companies, the absence of a robust Privacy Policy that addresses these concerns can prompt them to seek out businesses that prioritize their privacy needs.

Read on to learn when a Privacy Policy is needed, what not to do, and how to get one to protect your practice.

What is a Privacy Policy

A Privacy Policy is a document found on a website or app detailing a company’s approach to privacy, encompassing the methods of collecting, utilizing, and sharing Personally Identifiable Information (PII). PII refers to any data that could potentially identify an individual.

Websites frequently gather various types of Personally Identifiable Information (PII), such as:

  • Names
  • Email addresses
  • Phone numbers
  • IP addresses
  • Physical addresses


This PII is typically acquired through several website features, such as:

  • Contact forms
  • Email newsletter sign-up forms
  • Analytics tools like Google Analytics
  • Checkout forms


Does Your Website Require a Privacy Policy?

First, a caveat: We are not attorneys and cannot offer legal advice. If you are considering not having a privacy policy on your site, we highly encourage you to contact an attorney to understand what is needed for your particular website and business.

That said, we believe it’s best practice to add a Privacy Policy to your site as new privacy laws continue to be introduced. Privacy laws primarily safeguard consumers, not businesses. Given that individuals from various locations might submit their Personally Identifiable Information (PII) on your website, you may need to adhere to multiple privacy laws, regardless of whether your business is physically situated in those states or countries.

If you have a contact form on your website that collects Personally Identifiable Information (PII) such as names, emails, phone numbers, and addresses, then you need a Privacy Policy on your website.

There are many state-specific privacy laws. Some website owners mistakenly believe that a specific state law does not apply if they do not reside in that state. For example, let’s consider the California Online Privacy Protection Act of 2003 (“CalOPPA”). CalOPPA is a privacy law that protects the privacy rights of residents of California by requiring operators of websites that collect the PII of California residents to have a Privacy Policy on their websites. This means that, if your website collects the PII of California residents, your website needs to have a CalOPPA compliant Privacy Policy.

So, what if you are a mental health professional who does not work with clients in California? Do you still need to be CalOPPA compliant? The answer is yes. Whether CalOPPA applies depends on where the visitor resides, meaning that it could apply when anyone who lives in California fills out your contact form. If you do not have a CalOPPA compliant Privacy Policy, you face potential (hefty) fines for failure to comply. Privacy fines can range from $2,500 per violation to $20,000,000 or more.

Consumer Expectation

Over the past few years, consumers have grown more wary about sharing their Personally Identifiable Information (PII) with companies, leading some to discontinue business with certain firms over privacy apprehensions.

  • 93% of Americans would switch to a company that prioritizes privacy – Axios
  • 67% of Americans say that there should be tougher penalties, such as high fines, for companies that do not protect the privacy of consumers – Consumer Reports

Having a Privacy Policy on your site is both reassuring to your visitors AND can provide an advantage over competitors without one.

A One-and-Done Privacy Policy is Not Enough

Adding a static Privacy Policy to your site is not advisable since privacy laws are continuously changing. At the time of this writing, there are 25+ privacy laws in effect throughout the United States and internationally plus a dozen more proposed privacy bills and updates in the pipeline.

If you purchase a Privacy Policy or your attorney creates one for you, it can quickly become outdated and non-compliant, which exposes you to privacy-related penalties and legal actions, leading to substantial financial losses and unnecessary stress.

Do Not Copy Someone Else’s Privacy Policy

Copying someone else’s Privacy Policy is copyright infringement and could get you sued.

The Privacy Policy text you’re copying might not align with your business. That business, even if they’re in your same niche, might gather different information on their website or share it with different entities.

Privacy laws are continuously changing, so there’s a good chance that the Privacy Policy you’re scoping out has not been updated and won’t protect you anyway.

Where to Get a Comprehensive Privacy Policy

When selecting the appropriate Privacy Policy provider for your business, we highly recommend Termageddon to all of our clients. Termageddon’s Privacy Policy generator is easy and quick to set up, keeps your Privacy Policy updated as laws change, and helps you get compliant and avoid privacy-related fines and lawsuits. (While this is an affiliate link, we do not recommend anything we don’t use ourselves, and we confidently use Termageddon for our own legal website policies, as well.)

Protect Yourself with a Privacy Policy

Most websites are now legally required to have privacy policies to inform users about the data being collected, how it’s used, and how it’s protected. Protecting your visitors demonstrates respect for their privacy, boosts your site’s reputation, and keeps you in compliance with the law, which fosters trust, repeat visits, and a better user experience.
