Privacy policies are required

During last summer's research project looking at hundreds of WooCommerce-powered sites, I discovered that only half had privacy policies. As a fiduciary duty to clients, I inform them that privacy policies are required by law.

As a full-stack developer, content and legal matters are not exactly within my wheelhouse, so I usually send folks over to LegalZoom, RocketLawyer, TermsFeed, etc. Some will copy and edit policy documents from what they consider a trusted source, such as a bigger competitor or a trusted industry resource.

Privacy policies are required by state, federal, and international laws for websites that collect any personal information, such as name, email, address, or phone number. The policy describes what information is collected, how it is collected, and why.

CalOPPA applies to anyone who collects personal information from people residing in California, and requires the policy to state:

  • What personal data is collected
  • Affiliated organizations the data may be shared with
  • How users can request amendments to the data collected
  • Whether “Do Not Track” requests are supported
  • Third parties who collect personal data on the site
  • The process for changes to the policy
  • The effective date

Further categories of regulations apply to websites. Pay attention to:

  • Children's and minors' privacy laws (federal COPPA)
  • Cookie compliance laws (California CCPA)
  • Consumer data protections
  • European Union data protection laws, referred to as GDPR and eDP
  • Google Analytics Terms of Service compliance
  • Industry-specific regulations, such as those for the financial industry or HIPAA for the health industry
  • Payment card industry (PCI) compliance, based on your SAQ (Self-Assessment Questionnaire) status
  • Payment processor terms and conditions, including return, refund, and chargeback policies
  • Website accessibility standards (WAI)

Helpful Resources

Disclaimer: I am not a lawyer and this is not to be taken as legal advice.