{"id":1146,"date":"2023-01-05T09:05:00","date_gmt":"2023-01-05T14:05:00","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=1146"},"modified":"2023-08-25T21:11:31","modified_gmt":"2023-08-26T01:11:31","slug":"privacy-policy-essential-parts","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/","title":{"rendered":"Privacy Policy Essential Parts"},"content":{"rendered":"\n

In the United States of America, a number of states require companies to have a privacy policy posted on their websites. However, regardless of legal requirements, every website should have a privacy policy. <\/p>\n\n\n\n

A privacy policy (or privacy notice) needs to be concise and have a warm tone. Importantly, a privacy policy should reflect a company\u2019s brand. As a result, a privacy policy will help a company gain goodwill with users and give them confidence in the company.<\/p>\n\n\n\n

Personally Identifiable Information<\/h3>\n\n\n\n

A website collects personally identifiable information<\/a> (PII) in a variety of ways. For example, a user may send PII directly to a company through a contact form. Also, a website may automatically collect PII quietly in the background, such as identifying the IP address<\/a> of a user.<\/p>\n\n\n\n

Basic Privacy Policy Sections<\/h3>\n\n\n\n

A privacy policy should disclose what types of personal data a website collects, uses, and shares. Basically, a policy needs to provide an explanation of what types of PII a website processes. Importantly, a policy should include any applicable legal requirements.<\/p>\n\n\n\n

The basic sections of a privacy policy should include:<\/p>\n\n\n\n

    \n
  1. Introduction<\/strong> \u2013 Provide a friendly introduction to your policy, such as \u201cprotecting your personal information is important to us.\u201d Identify the parties that the policy applies to.<\/li>\n\n\n\n
  2. Collection of PII <\/strong>\u2013 Identify the personal data that the website collects from users, such as first and last name, address, email, etc. List any data that the website automatically collects, such as in website logs and traffic analyzers. Include explanations of any methods that automatically collect data (using cookies, etc.).<\/li>\n\n\n\n
  3. Use of PII <\/strong>\u2013 Describe how you use the personal information that you collect. Explain where you keep the data and how long you keep it.<\/li>\n\n\n\n
  4. Sharing with Third Parties <\/strong>\u2013 Explain if you share personal data with any third parties. Also, explain when you are legally required to share data, such as responding to an information request from law enforcement or a judicial authority.<\/li>\n<\/ol>\n\n\n\n

    Consenting and Communicating<\/h3>\n\n\n\n

    Users need to understand the contents of a privacy policy. Also, users need to have a way to contact someone about their concerns. All policies should include the following:<\/p>\n\n\n\n

      \n
    1. Consent bar <\/strong>\u2013 Place a consent bar<\/a> on your website that prompts users to agree to accept cookies and to read the privacy policy. This is a crucial step to making your website GDPR<\/a> compliant.<\/li>\n\n\n\n
    2. Contact information<\/strong> \u2013 Provide contact information with an email link, such as privacy@company.com, so that users can communicate with someone about their concerns.<\/li>\n\n\n\n
    3. Updates to the policy <\/strong>\u2013 Explain how users are notified when the policy is updated.<\/li>\n\n\n\n
    4. E-mail communications <\/strong>\u2013 Explain your policies with contacting users via email, such as when they submit a contact form or subscribe to a newsletter.<\/li>\n<\/ol>\n\n\n\n

      Legal Requirements<\/h3>\n\n\n\n

      There are many jurisdictions that require specific sections in a privacy policy. These sections may include providing a list of user rights and having procedures that allow users to opt-out<\/a> of the selling of their PII. <\/p>\n\n\n\n

      You should consult with an attorney that is licensed in your jurisdiction to review any legal requirements. Although your company is located in a jurisdiction without any privacy policy requirements, you may have users that reside somewhere with legal requirements. Therefore, to avoid penalties, it\u2019s a good idea for your policy to be generally compliant with privacy laws.<\/p>\n\n\n\n

      Legally\nrequired sections in a privacy policy may include:<\/p>\n\n\n\n

        \n
      1. Opt-out of sale or disclosure of PII to third parties <\/strong>\u2013 Explain how users can opt-out of having their PII shared with others.<\/li>\n\n\n\n
      2. Opt-out or unsubscribe from third party communications <\/strong>\u2013 Explain how users can opt-out of subscription emails and third-party subscriptions made through the company.<\/li>\n\n\n\n
      3. Do Not Track requests <\/strong>\u2013 Explain how your website responds to a Do Not Track<\/a> (DNT) request when users choose to have their browsers send a DNT request when they are browsing the web.<\/li>\n\n\n\n
      4. Right to deletion (\u201cright to be forgotten\u201d) <\/strong>\u2013 Provide a procedure to allow users to delete their data once the company no longer needs it. You should also explain the circumstances of when (and why) data is retained.<\/li>\n<\/ol>\n\n\n\n

        Relevant Information<\/h3>\n\n\n\n

        A privacy policy should disclose any relevant information that users may need to know to make an informed decision about using a company\u2019s services and products. Relevant information includes:<\/p>\n\n\n\n

          \n
        1. Security of your PII <\/strong>\u2013 Explain how the company secures data. Provide an accurate overview of any security features.<\/li>\n\n\n\n
        2. Disconnecting an account from third party websites <\/strong>\u2013 If you allow logins through a third-party platform, explain how the user can disconnect from the service.<\/li>\n\n\n\n
        3. Children under thirteen <\/strong>\u2013 Explain if the website collects data from children. To be compliant with the Children\u2019s Online Privacy Protection Act (COPPA), the FTC recommends<\/a> posting a privacy policy so visitors can easily learn about the website\u2019s practices with children\u2019s PII.<\/li>\n\n\n\n
        4. External data storage sites <\/strong>\u2013 Explain how the company stores data, such as using web servers located in another country.<\/li>\n<\/ol>\n\n\n\n

          Policy Accuracy <\/h3>\n\n\n\n

          A company needs to periodically update its privacy policy to disclose changes with how it collects, uses, and shares data. The policy should always reflect a company\u2019s business model, and it should never include incorrect information, which is engaging in deceptive practices. The FTC enforces<\/a> the accuracy of privacy policies and can bring legal actions against organizations that mislead users. Above all, the accuracy of a privacy policy reflects a company\u2019s reputation as being honest and reliable.<\/p>\n\n\n\n

          Image by\u00a0Markus Winkler<\/a>\u00a0from\u00a0Pixabay<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

          In the United States of America, a number of states require companies to have a privacy policy posted on their websites. However, regardless of legal requirements, every website should have a privacy policy. A privacy […]<\/p>\n","protected":false},"author":1,"featured_media":1147,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[78],"tags":[127,123,121,12],"yoast_head":"\nPrivacy Policy Essential Parts - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"A privacy policy is an important way to show users that a company is reliable. The policy should explain how the company collects, uses, and shares data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Policy Essential Parts - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"A privacy policy is an important way to show users that a company is reliable. The policy should explain how the company collects, uses, and shares data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-05T14:05:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-26T01:11:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2023\/01\/privacy-policy-typewriter.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Privacy Policy Essential Parts\",\"datePublished\":\"2023-01-05T14:05:00+00:00\",\"dateModified\":\"2023-08-26T01:11:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\"},\"wordCount\":897,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"Federal Trade Commission\",\"privacy law\",\"privacy notice\",\"privacy policy\"],\"articleSection\":[\"Data Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\",\"name\":\"Privacy Policy Essential Parts - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2023-01-05T14:05:00+00:00\",\"dateModified\":\"2023-08-26T01:11:31+00:00\",\"description\":\"A privacy policy is an important way to show users that a company is reliable. The policy should explain how the company collects, uses, and shares data.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Policy Essential Parts\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy Policy Essential Parts - Cyber Law Blog","description":"A privacy policy is an important way to show users that a company is reliable. The policy should explain how the company collects, uses, and shares data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/","og_locale":"en_US","og_type":"article","og_title":"Privacy Policy Essential Parts - Cyber Law Blog","og_description":"A privacy policy is an important way to show users that a company is reliable. The policy should explain how the company collects, uses, and shares data.","og_url":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/","og_site_name":"Cyber Law Blog","article_published_time":"2023-01-05T14:05:00+00:00","article_modified_time":"2023-08-26T01:11:31+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2023\/01\/privacy-policy-typewriter.jpg","type":"image\/jpeg"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Privacy Policy Essential Parts","datePublished":"2023-01-05T14:05:00+00:00","dateModified":"2023-08-26T01:11:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/"},"wordCount":897,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["Federal Trade Commission","privacy law","privacy notice","privacy policy"],"articleSection":["Data Privacy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/","url":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/","name":"Privacy Policy Essential Parts - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2023-01-05T14:05:00+00:00","dateModified":"2023-08-26T01:11:31+00:00","description":"A privacy policy is an important way to show users that a company is reliable. The policy should explain how the company collects, uses, and shares data.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/privacy-policy-essential-parts\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Privacy Policy Essential Parts"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/1146"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=1146"}],"version-history":[{"count":26,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/1146\/revisions"}],"predecessor-version":[{"id":1206,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/1146\/revisions\/1206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/1147"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=1146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=1146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=1146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}