Protecting Your Website From Liability- Part 2: Privacy Policies

In our last blog post we discussed Terms of Service Agreements. In this second part of the two part series on protecting your website from liability, we provide business owners with what they need to know about Privacy Policies.

What is a Privacy Policy?

A Privacy Policy is a fine-tuned version of the Terms of Service Agreement that sets out how the website owner will collect, use, and protect the information that is provided to the website by the user.  

Who Needs a Privacy Policy?

If a website collects any personal information (name, address, email address, etc.) from the user then a privacy policy is necessary.  However, solely informational websites may need a privacy policy where the website uses cookies to collect information regarding the user.  Additionally, even if the website is solely informational and does not use cookies, it is still a good idea to have a privacy policy attached because many third-party apps (Google, Apple, etc.) require all business partners to disclose how collected information is handled. Furthermore, search engines tend to prioritize websites with privacy policies.  As a result, adding a Privacy Policy could increase traffic to your website.  

What Information Should be Included in the Privacy Policy?

Much like the Terms of Service Agreement, a Privacy Policy must be tailored to the specific needs of the business.  However, the following terms should likely be included:

  • The Privacy Policy should provide notice to the user that the website collects information and should identify the specific type of information being collected. 
  • The Privacy Policy should discuss why the data is being collected.    
  • The Privacy Policy must state how a user may opt out of data collection.  This option to opt out may be as simple as advising the user to refrain from using and/or providing information to the website.   
  • The Privacy Policy needs to provide what measures are taken to protect the information supplied by the user. Specifically, the website owner needs to disclose how the website collects, processes, stores, shares, and protects user information.  This disclosure includes whether the website uses cookies or other technology to track its users.  
  • If a website is targeted toward minors, special provisions will need to be included that contain language from the Children’s Online Privacy Protection Act (COPPA).   

In conclusion, while it may not be the most fascinating part of a website, Terms of Service Agreements and Privacy Policies are necessary.  Regardless of whether a website is informational or collecting user data, best practices suggest the inclusion of these agreements. If well tailored, a Terms of Service Agreement and Privacy Policy can protect the website owner from unnecessary headaches and liabilities.   

April Slokan Oliverio is Of Counsel at Jordon Voytek. She focuses her practice on mergers and acquisitions, and business formations and governance, as well as general corporate advice and assistance.  She is available to assist businesses of all sizes with their day-to-day legal needs. To contact her please contact April directly at, or by phone at 304.216.2119.