How to Write a Privacy Policy for a Small Business


Why Does a Small Business Need a Privacy Policy?

Making the decision to write a privacy policy for a small business is the next stage in growing the business, particularly through the Internet. A privacy policy represents the gold seal of trust between the small business and their customers and helps to communicate the business’ commitment to protecting the customer’s personal information from unwanted and unauthorized use. A privacy policy is also a cornerstone to growing a business successfully by building customer loyalty and increasing e-commerce activity.

What Should Be Included in a Privacy Policy?

Many people are becoming more aware of protecting their privacy, and a small business embarking on writing a privacy policy needs to address its customers’ concerns regarding privacy. Here are some standard provisions that every business should include in its privacy policy:

  • Pledge to protect privacy – At the beginning of the privacy policy, the small business should include a statement about the business’s commitment to protecting the privacy of its customers and, if applicable, visitors to its website.

  • Type of personal information collected actively – List the personally identifiable information collected actively from each user such as name, e-mail, work address, telephone number, and credit card number, and any anonymous demographic information collected, including age, gender, preferences, interests, and favorites. Inform the customers how this information is collected and whether providing this information is a prerequisite to using the small business’s website.

  • Type of information collected passively or automatically – If the business has a web presence, list the information collected through the use of “cookies” or other similar technologies. Inform users of the reason for collecting the information and whether the information will be disclosed to third parties. Give a brief explanation of any technical terms, such as cookies, and how the users can turn them off from their browsers.

  • Information sharing – Explain the need for sharing the user’s information with “trusted partners” for certain purposes for the benefit of the customer or to better serve the customer in the future. For example, list activities related to the delivery of the merchandise and third party analysis of customer preferences. Also, include language informing customers that the small business has the right to disclose information if legally compelled to do so (i.e. through a court order, subpoena, or upon a merger or acquisition of the small business).

  • Security – Outline the measures that the small business is taking to protect the customer’s personal information. Pay attention to the wording of this provision and be specific on the security that the small business will provide. The Federal Trade Commission takes very seriously the promises made by businesses to protect the consumer’s personal information and will prosecute for unfair or deceptive practices.

  • Opt-out provisions – Describe the process for users and customers to opt out or unsubscribe from the promotions, special offers, and solicitations offered by the small business and its trusted partners. Give customers a reliable timeframe for when they can expect the solicitations to cease if not immediately.

  • Contact information – Provide multiple contact sources (mail, e-mail, and telephone number) for customers to submit questions and comments relating to the privacy policy.

  • Effective date – If the privacy policy is changed in the future, provide the date that the policy will be effective.

Practical Tips to Write a Privacy Policy for a Small Business

In addition to the general content of the privacy policy, small businesses should consider these aspects when writing their privacy policy:

  1. Avoid jargon. If you have to use technical terms, such as cookies or SSL (Secure Sockets Layer), be sure to explain them in understandable everyday language.
  2. Post the privacy policy in a conspicuous place on the first page of the website with the terms of service agreement and other general information.
  3. If your business is directed to children or collects information from children under 13 years of age, review and implement the requirements imposed by Children’s Online Privacy Protection Act (COPPA).
  4. Conduct market research of published privacy policies of other similarly-situated small businesses to determine the standard practices. As your business grows, review the more comprehensive privacy policies of businesses such as and Barnes and Noble.
  5. Highlight the small business’s goodwill and commitment to privacy by listing what the company does not do with the consumer’s information such as sell, rent, or lease it to third parties.
  6. Obtain a privacy trust seal from a well-recognized trust service provider such as TRUSTe or Trust Guard to build client confidence.
  7. Review the privacy policy annually to reflect current practices and policies.
